MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a07bfd08ec1413dc5ee484e7b742a1b02e0006db1c437e4a0bdd51f71c8f3538. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a07bfd08ec1413dc5ee484e7b742a1b02e0006db1c437e4a0bdd51f71c8f3538
SHA3-384 hash: 86694bd25bb62cc10ad343b272677ef3121daed49c6a8a42ca9fcfb59f941829927be405241c1b7a16d3f2ea6ab70132
SHA1 hash: 302abd902de9e2177b1f97b7f4716bc993e0142b
MD5 hash: 11bbc746324b5e70ca29a301184e3f7a
humanhash: bluebird-eleven-neptune-video
File name:PO132671 OBSNAP.cab
Download: download sample
Signature AgentTesla
Create hunting rule
File size:398'724 bytes
First seen:2020-06-08 07:53:20 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 6144:k6cal2O6CGMQe1on/5iRgA5FcVKim/he6z5CiwpGNKLfbZP/BXVJ:G22O6JeWn/5ygA5Fvim/Jz/Ef9ZX
TLSH 28842356D90E86F585C2944A3F4D6D4AE63CBCE16F4CF691A0A268B3008C8FF5E42DD7
Reporter abuse_ch
Tags:AgentTesla cab


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: obsnap.com
Sending IP: 209.58.149.66
From: Norbaiyah <sales@obsnap.com>
Subject: RE: PO132671 OBSNAP
Attachment: PO132671 OBSNAP.cab (contains "PO132671 OBSNAP.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKDZ.67676.4277.26208.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 07:55:05 UTC
AV detection:
24 of 48 (50.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ub572chmcqj5yxxeqtt3oqvbwaxaabw3drbx4sql3vi7ohepgu4a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

cab a07bfd08ec1413dc5ee484e7b742a1b02e0006db1c437e4a0bdd51f71c8f3538

(this sample)

AgentTesla

Executable exe 62b19e7d5d6ae7d5f20ac030ccb604797fc054ad153b8095513c9874b2e5f45c

  
Dropping
MD5 d2762d482acc3a6b7fc95e8848845afc
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 62b19e7d5d6ae7d5f20ac030ccb604797fc054ad153b8095513c9874b2e5f45c

Comments