MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9c80cc4c9c0e7306f4948eea89ac5854fc49c9bd13ae5927c77ed94c42d8de44. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 9c80cc4c9c0e7306f4948eea89ac5854fc49c9bd13ae5927c77ed94c42d8de44
SHA3-384 hash: accd45e5c2b4602697f110ec4c2f5dbbcecc3ae8c940e079883602c2ddaa3c094234bb9e44cc74ed931b73e8822464c8
SHA1 hash: 19ce55fc03093d85a2eab995e49991928991e3ac
MD5 hash: fcdb12568c848e1c5471448a77c04ccf
humanhash: lithium-crazy-alanine-connecticut
File name: Scan docs.rar
Signature: AgentTesla
File size: 517'465 bytes
First seen: 2020-06-29 11:53:10 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:7se68fwu1ycGmfQMV1MdQA8He3dgZNMRUaocN5uAgOiV:s8fwuYcNf3SQA8+3HUDcruwa
TLSH: 5FB4232D2F665AEDC5F6320C58C1487D48AF4F4084FF4D48297A21BD697BB42FBD8928
Reporter: abuse_ch
Tags: AgentTesla rar


Comment by abuse_ch:
Malspam distributing AgentTesla:

HELO: mesonjulian.com
Sending IP: 45.143.222.124
From: Brian Alex <contacto@mesonjulian.com>
Subject: Payment Advice - T/T No. D23984711611CTB
Attachment: Scan docs.rar (contains "Scan docs.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.DelfFareIt
Status: Malicious
First seen: 2020-06-29 11:55:04 UTC
AV detection: 19 of 31 (61.29%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
AgentTesla
rar 9c80cc4c9c0e7306f4948eea89ac5854fc49c9bd13ae5927c77ed94c42d8de44 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment