MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a84902bbc64bef32a19bcbd8a67b8d80e00e26ddc1d38467e55461b419e56976. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a84902bbc64bef32a19bcbd8a67b8d80e00e26ddc1d38467e55461b419e56976
SHA3-384 hash: 67056b3ffc82186da305189182419f183cb1404b05ffbc8e7b7d5c8a9ecbd597747a05d081f8a835a2446204faa98173
SHA1 hash: cda3550c8e61c3c2c6cf7a1672329152811298b5
MD5 hash: 6c59590bae204293950dc473cb2e6748
humanhash: arizona-wolfram-two-may
File name:Order.Html.lzh
Download: download sample
Signature AgentTesla
Create hunting rule
File size:597'466 bytes
First seen:2020-08-27 08:07:54 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:hi8QntMK9i+/VZUjbqjDZNT+/RQDVKXGhKTXMbhKr0JuOkcHE:hz8j9i+/VrXbT+/iVKzuhCF
TLSH E0D423502CE53EC7170CD9F8B5CCB909ADA70B560E3E415012A6BFD578D423AAF41AAF
Reporter abuse_ch
Tags:AgentTesla lzh Outlook


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: EUR02-AM5-obe.outbound.protection.outlook.com
Sending IP: 40.92.67.35
From: Maria Kikiri <mariakik1@hotmail.com>
Subject: AW: Price request....
Attachment: Order.Html.lzh (contains "KsoUkx8kQkhNBfv.exe")

AgentTesla SMTP exfil server:
roham.dnswebhost.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a84902bbc64bef32a19bcbd8a67b8d80e00e26ddc1d38467e55461b419e56976/
Threat name:
ByteCode-MSIL.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-08-27 08:09:05 UTC
AV detection:
13 of 29 (44.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vbeqfo6gjpxtfim3zpmkm64nqdqa4jw5yhjyiz7fkrq3igpfnf3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a84902bbc64bef32a19bcbd8a67b8d80e00e26ddc1d38467e55461b419e56976

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar a84902bbc64bef32a19bcbd8a67b8d80e00e26ddc1d38467e55461b419e56976

(this sample)

AgentTesla

Executable exe 8bd67af43b81d9303bc114e81c598c9ae1cb4d55315c750ae3eea3691513c94f

  
Dropping
MD5 97cd758a698d47b01edd4a3281503176
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8bd67af43b81d9303bc114e81c598c9ae1cb4d55315c750ae3eea3691513c94f

Comments