MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0bcf0a699bad123a8dade06067df4838fcebf088de8a991b8671e57fcb0ee94. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a0bcf0a699bad123a8dade06067df4838fcebf088de8a991b8671e57fcb0ee94
SHA3-384 hash: bc59eeb31e2441d32bc108d12448c5addfc60337496964f97e5a07bbae4db015ecb007b72a48fd433c1d76f49f06a7ac
SHA1 hash: ddf40df249dfba3ef0cecff15e92d8c6b78032ac
MD5 hash: 9719b80c133b0824d0377c973190e637
humanhash: nine-oranges-papa-nuts
File name:RFQ_ITT 30-2020.pdf.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:332'266 bytes
First seen:2020-05-03 12:26:42 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:mGTkwSVw1VdWlGUKMcBpj9fCZ+GQDYOG5mZCWMsKOTrRkTj:PTjw4nUKlBpJ1G8JG52oyrRk3
TLSH 77642371494AD1E94CEB39F36E7C09EC859BA14705FD2F55BCE0A202F05B6E62E4C9B0
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.aduamerica.pe
Sending IP: 198.1.66.95
From: Jaco Jacobs <jaco@africangrain.co.za>
Reply-To: Jaco Jacobs <arkshopibericq@gmail.com>
Subject: Fw: Re: RFQ_ITT 30/2020
Attachment: RFQ_ITT 30-2020.pdf.z (contains "RFQ_ITT 30-2020.pdf.exe")

AgentTesla SMTP exfil server:
mail.apipharrnatech.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Banker1.29984.6937.4840.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25518.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-03 12:35:30 UTC
File Type:
Binary (Archive)
Extracted files:
3
AV detection:
25 of 48 (52.08%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=uc6pbjuzxlishkg23ydam7puqoh45pyirxuktenym4pfp7fq52ka._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip a0bcf0a699bad123a8dade06067df4838fcebf088de8a991b8671e57fcb0ee94

(this sample)

AgentTesla

Executable exe 18ee411e31ac1f4e3bcd2d811b147853bf2977645c631809acc75b7639e7292c

  
Dropping
MD5 2857e40a8d328c591b1ce60a864af646
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 18ee411e31ac1f4e3bcd2d811b147853bf2977645c631809acc75b7639e7292c

Comments