MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa8a92c9c087d169e7715241e67b1b47e8dad9f7964d7f6a6785dc70bd8c1a07. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: aa8a92c9c087d169e7715241e67b1b47e8dad9f7964d7f6a6785dc70bd8c1a07
SHA3-384 hash: 645308ec864f2c1b1e1ba516f094e5679ef84a953587a919214e91d3caeb24f91f45c1a83387dc8496d8c1765ffd3877
SHA1 hash: 5fcab586be54330e51edc2a6b460b55b95c2091e
MD5 hash: 552d6b860fc01245e567e7421039a964
humanhash: mars-fillet-spring-illinois
File name: New Order.r00
Signature: AgentTesla
File size: 375'354 bytes
First seen: 2020-06-26 07:44:34 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 6144:ECaI9FOQDod3i+Eit1C6DERpO7wPzpLZxRngVdsZXtPDNgjD/8Y5TBBBUvXPX8L6:pnFOBS+hTDIpOEPzxNwdsZXtPJuDXpjy
TLSH: 648423522492AD744F22E6B04BF94BAE2B20BCEC0E1FA4BD579D55D7C53CD8307A1C09
Reporter: abuse_ch
Tags: AgentTesla, r00


abuse_ch
Malspam distributing AgentTesla:

HELO: rai.nl
Sending IP: 45.143.222.106
From: ''Murat Jasni Hernedas''<a.bos@rai.nl>
Subject: New Order
Attachment: New Order.r00 (contains "New Order.exe")

AgentTesla SMTP exfil server:
smtp.uae-messefrankfurt.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-26 07:46:05 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 aa8a92c9c087d169e7715241e67b1b47e8dad9f7964d7f6a6785dc70bd8c1a07

(this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
