MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0a04518fc7a861d4fbb81430b82bd5e17394dfeeddff414e3f7d1966d457155. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c0a04518fc7a861d4fbb81430b82bd5e17394dfeeddff414e3f7d1966d457155
SHA3-384 hash: 5ebe3f2b66c93692a3ad89494c2d0245d227b3d53b2fd4bdf7b1bd19351ed4acbc9fe63139e1c6f31e7b6fd711597717
SHA1 hash: 5cf8923a6c87b5668b13459903573583b409bde1
MD5 hash: 61bafb047ba7c7d748a8eca5cdb43caf
humanhash: cardinal-helium-freddie-hotel
File name:commission invoice.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:702'235 bytes
First seen:2020-08-05 11:49:35 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:Xh9IcqVV8qZQRJBRug8fJcllNuUyMswJWE6U6ksrN5b4UfF3yfxWmrWtX14MvEVG:R9Vq380eB8cllN5yMPEE6UF6pdf9yfxa
TLSH 23E4235ADDB12B6021D0EF67A4DA79918C08C67390F60BA2C57E90DF6F0CA439F392D5
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: glo.globalalliancelog.com
Sending IP: 192.254.201.27
From: Kamini Anil <kamini.anil@veeroverseas.com>
Subject: E Statement of account. 6
Attachment: commission invoice.gz (contains "commission invoice.exe")

AgentTesla SMTP exfil server:
mail.greensudrhotel.com:26

AgentTesla SMTP exfil email address:
reservation@greensudrhotel.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Formbook-9228643-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c0a04518fc7a861d4fbb81430b82bd5e17394dfeeddff414e3f7d1966d457155/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-05 11:51:06 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ycqekgh4pkdb2t53qfbqxav5lyltstp65xp7ifhd67izm3kfofkq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c0a04518fc7a861d4fbb81430b82bd5e17394dfeeddff414e3f7d1966d457155

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz c0a04518fc7a861d4fbb81430b82bd5e17394dfeeddff414e3f7d1966d457155

(this sample)

AgentTesla

Executable exe f7e7f9c0172ba900708b35378e311e9a29168621ed968082f3f980f81de19c54

  
Dropping
MD5 e770121ccf7b3cddde5d6548cb9efdfe
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f7e7f9c0172ba900708b35378e311e9a29168621ed968082f3f980f81de19c54

Comments