MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8fda73ba90aaf0425f02fc7a8fe050eb57cdfe1d8cdfd5ac5b36e07394ae9fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b8fda73ba90aaf0425f02fc7a8fe050eb57cdfe1d8cdfd5ac5b36e07394ae9fe
SHA3-384 hash: d229a937c5d50d5fa7c85d2a05e46d3013647e987c2a379066b2835ea49e53ed9d6f533b9a166e7537a39444039af9c6
SHA1 hash: 292980d6e5228ac81431701567449ee1e3f97047
MD5 hash: 46537ed4c5487a07e82aff76ba20c449
humanhash: speaker-hydrogen-finch-lithium
File name:purchase order_pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:249'863 bytes
First seen:2020-05-06 09:56:53 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:6STQOGpPGP6uqlgLemSCVZVP4+TodyHVHqLaqC+0k:J3Gpei2LZg0M5n
TLSH 4534239D6CEF0BC580FF1277274CA35C825484F7065824BAC55F934A680A3DD276E9ED
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: paymontly.servers.prgn.misp.co.uk
Sending IP: 185.20.50.76
From: ALIK NEYMAN <info@geneway-com.cf>
Subject: New Order PO-66758QQE334
Attachment: purchase order_pdf.gz (contains "purchase order_pdf.exe")

AgentTesla SMTP exfil server:
mail.flood-protection.org:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 10:36:55 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
22 of 48 (45.83%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xd62oo5jbkxqijpqf7d2r7qfb22xzx7b3dg72wwfwnxaookk5h7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz b8fda73ba90aaf0425f02fc7a8fe050eb57cdfe1d8cdfd5ac5b36e07394ae9fe

(this sample)

AgentTesla

Executable exe 91432b548cdd2114d2995c2dd5ace79218072f8c125b2da3ca4cfaf7014a31c5

  
Dropping
MD5 1fb7e0b89187c6092abf6ad03cb83c84
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 91432b548cdd2114d2995c2dd5ace79218072f8c125b2da3ca4cfaf7014a31c5

Comments