MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9065a2328fba7ecd328a09e36f5c03a728a8a9daabe8549b60529a6e513fd0bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9065a2328fba7ecd328a09e36f5c03a728a8a9daabe8549b60529a6e513fd0bf
SHA3-384 hash: 7d6129adf1085ef74c8b43cec987d733c258187ad237b9f50adfb94c44d30c9a49186e697b00db1f073f2af33ed251c7
SHA1 hash: f79620d1cee969cfc980d801a7a2af085ec15ac6
MD5 hash: 25197e340a4d28abdbb518391e6df024
humanhash: twenty-sierra-magazine-sink
File name:TT COPY.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:461'834 bytes
First seen:2020-05-04 21:26:52 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:VLwLrsVOD0rls/VEkEsMcATlPkvctpeFb9cH0Fe:VkLrAdhsdEns4PkvctphL
TLSH F3A423E3B76DC6B55B6970CE5805A72B997FC08F2700F226D45847203B758827CEAC6B
Reporter abuse_ch
Tags:AgentTesla r00


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: premium76-2.web-hosting.com
Sending IP: 162.213.253.84
From: contact@nationalmedicosorganisation.org
Subject: Advance Payment For proforma invoice No: 0099052
Attachment: TT COPY.r00 (contains "TT COPY.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-04 21:36:56 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sbs2emupxj7m2mukbhrw6xadu4ukrko2vpufjg3akkng4uj72c7q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 9065a2328fba7ecd328a09e36f5c03a728a8a9daabe8549b60529a6e513fd0bf

(this sample)

AgentTesla

Executable exe 9feec7852ef1647fa53b548d5d55ae251bd5df7f112f22a63238612b6ffad1ea

  
Dropping
MD5 3939bcadb154eaf7be2087c5fc8c55b2
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9feec7852ef1647fa53b548d5d55ae251bd5df7f112f22a63238612b6ffad1ea

Comments