MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 985e9207eed42e00e71aa963e440aeb90f79a2192ae9e49667b132a3d585e7c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 985e9207eed42e00e71aa963e440aeb90f79a2192ae9e49667b132a3d585e7c8
SHA3-384 hash: 1eacfde2b30a5cb3fd4db373cde5e09af6587ae07434cf72b8020d73c6b747c7dbd22278d80bd33219c2da3ae3fc36a7
SHA1 hash: 8a1cf7e32618e51f15db3f1b3ce980bd6f05245d
MD5 hash: a3f5b17d26ba7e15e78b69aec77e206c
humanhash: five-mars-london-east
File name: Quarantine.rar
Signature: AgentTesla
File size: 973'717 bytes
First seen: 2020-06-07 08:02:17 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:Wx1QaDo7srRtliiqao/uU5Nh9sEU1jIqmaQy:WnQaDo0Doig2WFohIDaQy
TLSH: E225335FA47E7B0FB3329D6A8A56E0B630301547E43F8B4B9CED8BBF8251E0045D2959
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing AgentTesla:

HELO: cloudserver1.villarambuttri.com
Sending IP: 128.199.93.242
From: Jaap<account7@rbt.co.th>
Subject: PAYMENT CLEARED AS ON JUNE 3RD 2020..
Attachment: Quarantine.rar (contains "Quarantine.exe")

AgentTesla SMTP exfil server:
mail.panchavatihotels.com:587
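The indicators in this entry (file digests, the malspam sending IP and HELO name, the attachment name, and the AgentTesla SMTP exfiltration server) are only useful once they are turned into checks. The script below is an added example, not code from MalwareBazaar or from abuse.ch: it hashes a local file with the same four algorithms the entry lists and reports which ones match, confirms an attachment is really a RAR container by its signature rather than its extension, and scans mail-gateway and egress log lines for the malspam and exfil indicators. The log lines and the RAR byte string are constructed here for illustration; the log format is assumed to be Postfix-like and is not taken from the page.

```python
import hashlib
import re

# Indicators copied from this MalwareBazaar entry (Quarantine.rar / AgentTesla).
SAMPLE_HASHES = {
    "sha256": "985e9207eed42e00e71aa963e440aeb90f79a2192ae9e49667b132a3d585e7c8",
    "sha1": "8a1cf7e32618e51f15db3f1b3ce980bd6f05245d",
    "md5": "a3f5b17d26ba7e15e78b69aec77e206c",
    "sha3_384": "1eacfde2b30a5cb3fd4db373cde5e09af6587ae07434cf72b8020d73c6b747c7"
                "dbd22278d80bd33219c2da3ae3fc36a7",
}
MALSPAM_SENDER_IP = "128.199.93.242"
MALSPAM_HELO = "cloudserver1.villarambuttri.com"
MALSPAM_ATTACHMENT = "Quarantine.rar"
EXFIL_HOST = "mail.panchavatihotels.com"
EXFIL_PORT = 587

# RAR container signatures (RAR 1.5-4.x and RAR 5): a content check, not an extension check.
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")


def looks_like_rar(data: bytes) -> bool:
    """True if the bytes start with a RAR signature, whatever the file is named."""
    return any(data.startswith(magic) for magic in RAR_MAGICS)


def file_hashes(data: bytes) -> dict:
    """Compute the digest set MalwareBazaar lists so a local file can be compared to the entry."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matched_algorithms(data: bytes) -> set:
    """Names of the algorithms whose digest equals the entry's value. SHA256 is the one
    to act on; MD5 and SHA1 are kept for cross-referencing feeds that only carry those."""
    computed = file_hashes(data)
    return {name for name, value in SAMPLE_HASHES.items() if computed[name] == value}


# One compiled pattern per indicator. Hostnames and the attachment name match
# case-insensitively; the IP and the port are bounded so that 128.199.93.2425 or
# port 5870 do not produce a hit.
LOG_INDICATORS = [
    ("malspam_sender_ip", re.compile(r"(?<![\d.])" + re.escape(MALSPAM_SENDER_IP) + r"(?![\d.])")),
    ("malspam_helo", re.compile(re.escape(MALSPAM_HELO), re.IGNORECASE)),
    ("malspam_attachment", re.compile(re.escape(MALSPAM_ATTACHMENT), re.IGNORECASE)),
    ("agenttesla_exfil_host", re.compile(re.escape(EXFIL_HOST), re.IGNORECASE)),
    ("agenttesla_exfil_smtp_587",
     re.compile(re.escape(EXFIL_HOST) + r"\W.*?\b" + str(EXFIL_PORT) + r"\b", re.IGNORECASE)),
]


def scan_log_lines(lines) -> list:
    """Return one hit per (line, indicator) pair; a single line can trigger several indicators."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for name, pattern in LOG_INDICATORS:
            if pattern.search(line):
                hits.append({"line_no": number, "indicator": name, "line": line})
    return hits


# Constructed inputs for demonstration; not real logs or the real sample bytes.
CONSTRUCTED_RAR = RAR_MAGICS[0] + b"\x00" * 32
SAMPLE_LOG_LINES = [
    "Jun  7 08:01:55 mx1 postfix/smtpd[4021]: connect from unknown[128.199.93.242]",
    "Jun  7 08:01:56 mx1 postfix/smtpd[4021]: 7F3A1: client=unknown[128.199.93.242], "
    "helo=<cloudserver1.villarambuttri.com>",
    "Jun  7 08:01:57 mx1 amavis[911]: (00911-02) Passed CLEAN, <account7@rbt.co.th> -> "
    "<ap@example.com>, attachment=Quarantine.rar",
    "Jun  7 08:30:12 mx1 postfix/smtpd[4044]: connect from mail.example.net[192.0.2.10]",
    "2020-06-07T08:20:11Z fw1 egress: src=10.0.5.23 dst=mail.panchavatihotels.com "
    "dport=587 proto=tcp action=allow",
]

if __name__ == "__main__":
    print("constructed blob is RAR:", looks_like_rar(CONSTRUCTED_RAR))
    print("digests matching the entry:", matched_algorithms(CONSTRUCTED_RAR) or "none")
    for hit in scan_log_lines(SAMPLE_LOG_LINES):
        print(f"line {hit['line_no']}: {hit['indicator']}")
```

The From: address is deliberately not used as an indicator, since envelope and header senders are trivially spoofed; the sending IP and HELO name are what the receiving MTA actually observed. The egress check fires on the exfil hostname alone as well as on hostname plus port 587, because an AgentTesla build can be reconfigured to use another port while keeping the same mailbox.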

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Aitinject
Status: Malicious
First seen: 2020-06-07 08:04:06 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Malware family: AgentTesla
rar 985e9207eed42e00e71aa963e440aeb90f79a2192ae9e49667b132a3d585e7c8 (this sample)
  Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments