MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f896b6a16e1f2baf69dde202500fdd23e7f07d81c7b87988fca465ae3234307. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8f896b6a16e1f2baf69dde202500fdd23e7f07d81c7b87988fca465ae3234307
SHA3-384 hash: 820f6d56881c2ee97acfd01b2041775c2c42bbdca01983d069da25c4b3a01fb6736a730887bc60fd7b228420ff6486a5
SHA1 hash: 18f34a442530ffb3496c1c0a52737586cc7f2944
MD5 hash: 2a399c8b10f4cba9e241a943637469df
humanhash: red-november-undress-texas
File name:PI HH-092-06-020.pdf.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:447'382 bytes
First seen:2020-05-06 16:57:56 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:Yh1Uc+pbTj4tOhsF2GJiWR8Mz4Yn6TzNVcncwL/zeD:Yh1U/OOhsFCPMPmzNVccwL74
TLSH E49423DD1E19528AF0274029DEAE1A75B7450AE3728C798530405375E32EFFEDBF6280
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ssd1.celiahomes.com
Sending IP: 80.86.93.180
From: Mussart Shoukat <amimpex@shaigan.com>
Subject: RE: FW:PI HH-092-06-020
Attachment: PI HH-092-06-020.pdf.zip (contains "PI HH-092-06-020.pdf.exe")

AgentTesla SMTP exfil server:
vps36800.inmotionhosting.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25518.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 16:53:55 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=r6eww2qw4hzlv5u53yqckah52i7h6b6ydr5ypgepzjdfvyzdimdq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 8f896b6a16e1f2baf69dde202500fdd23e7f07d81c7b87988fca465ae3234307

(this sample)

AgentTesla

Executable exe 5414cf595330039e37207937b476125e93a19250bb4023b1c4ea6489c4c725ac

  
Dropping
MD5 794130bca05f39f48ee8f73a37453b8e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5414cf595330039e37207937b476125e93a19250bb4023b1c4ea6489c4c725ac

Comments