MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a87723c06c55058307ac7e9910ec3ece016d88a9872e7998d7a11df4011d30ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a87723c06c55058307ac7e9910ec3ece016d88a9872e7998d7a11df4011d30ca
SHA3-384 hash: 37bba65c8ba5f9182995dce24a82799ca761e341326cbfe4d070ea381549d4e0ebe7952acbb46dbd6bf65c6c655aa738
SHA1 hash: 386868251f2b7c08d5da7bbafc4d86eb42cee793
MD5 hash: 6acadd402531f526cabf2573c5f51a13
humanhash: march-equal-angel-lima
File name:PDF.CF20050062_2020-05-28.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:2'097'152 bytes
First seen:2020-06-08 08:39:11 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:Ctb20pkaCqT5TBWgNQ7axS+bYtEZJHM/yHvbWLbLJZLQGoFmkcE2D6A:PVg5tQ7ax3Q+JHPvSRZLQbZ3E5
TLSH AEA5D02273DEC361C7B25273BA157741AEBF782506A1F46B3FD80DBCE920121525EA63
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.strongmailvault.com
Sending IP: 111.90.144.228
From: Kassem Bevechov <office@jinpao.us>
Subject: TOP URGENT QUOTATION REQUEST ...RFQ
Attachment: PDF.CF20050062_2020-05-28.IMG (contains "PDF.CF20050062_2020-05-28.exe")

AgentTesla SMTP exfil server:
smtp.studlandstol.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27681.XorExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Script.Trojan.Predator
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 08:41:03 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vb3shqdmkucygb5mp2mrb3b6zyaw3cfjq4xhtggxueo7iai5gdfa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img a87723c06c55058307ac7e9910ec3ece016d88a9872e7998d7a11df4011d30ca

(this sample)

AgentTesla

Executable exe 03705e80544a6e5a57ee2dd76695385f3ad3c889ccfac6ee3894fcb1d4cd8892

  
Dropping
MD5 3e0130e9d38f38bc694da3a0c9289e0e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 03705e80544a6e5a57ee2dd76695385f3ad3c889ccfac6ee3894fcb1d4cd8892

Comments