MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8b6e4a4f6bec623487e44997ba6f060b425e9ccbe25e679da1739b8e47b7f9d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b8b6e4a4f6bec623487e44997ba6f060b425e9ccbe25e679da1739b8e47b7f9d
SHA3-384 hash: f85be6cd6664fad233d9babcf3926f808cd717cccd6310ce76faa36e2652ccd1ba3bf7bf4c75c6a94d541f935fca45d5
SHA1 hash: 2a2a184ac91c408b470b880e873037b19c56a244
MD5 hash: 9d63c7d1330e0794791a397316a89024
humanhash: twenty-oranges-pizza-delaware
File name:Flight Ticket Payment Refund Confirmation 377829377299283 ETK 372892.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:407'781 bytes
First seen:2020-07-16 08:08:50 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:zQv09q5g0R7Yezu8ytX50KeLhqVuoU0GTXwUnxGHuDcy:M09q206G9PKouvMw8GHuDcy
TLSH 268423E54CBC99AB59F0EA7F2B1B53401227BCEB659F5DE59183E4364309E203226C74
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: lasfragancias.com
Sending IP: 200.110.77.218
From: My Trips <funioro@lasfragancias.com>
Subject: Ticket refund confirmation PNR 889XX
Attachment: Flight Ticket Payment Refund Confirmation 377829377299283 ETK 372892.z (contains "Flight Ticket Payment Refund Confirmation 377829377299283 ETK 372892.exe")

AgentTesla FTP exfil server:
ftp.rebu.co.rw:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b8b6e4a4f6bec623487e44997ba6f060b425e9ccbe25e679da1739b8e47b7f9d/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 08:10:12 UTC
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xc3ojjhwx3dcgsd6ismxxjxqmc2cl2omxys6m6o2c443rzd3p6oq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z b8b6e4a4f6bec623487e44997ba6f060b425e9ccbe25e679da1739b8e47b7f9d

(this sample)

AgentTesla

Executable exe 20a8ca777ba828efffa12d141713da098fe742dd950797a0599e433a4a692757

  
Dropping
MD5 eac4fa22d901a2b63cee46a1c1f301d9
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 20a8ca777ba828efffa12d141713da098fe742dd950797a0599e433a4a692757

Comments