MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c81db8de6ec63d8130183a2879dea3c27cc8dfda8bdfbccaa06def3365f598f3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c81db8de6ec63d8130183a2879dea3c27cc8dfda8bdfbccaa06def3365f598f3
SHA3-384 hash: 5b31ec84df9781273202062d9eef46474fc8ed14cfb94ef4fdc6a3d1208daaeed3914348f1ed97eba12d492f20db37cc
SHA1 hash: c1b78e105595d26cd0cf3a115634e0b2b4fe7516
MD5 hash: 82cfd800810ea1e4e4be859f335096ab
humanhash: oregon-yankee-moon-vegan
File name:PO AND PRICE LIST.lzh
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'265'958 bytes
First seen:2020-05-06 18:00:02 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:GqPTUvLNu0Ic6YrVWWedzwVzf6THgChaxeUyXqzcnulZEmilb4j+Z:3PITLprVWWedSzf6THgUaAUcTnulZEmK
TLSH DD4533F4C80626CB70D58E6360A5CC72160F68E116B73242DD7CDCAB7763BB8263959B
Reporter abuse_ch
Tags:AgentTesla lzh


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sonic305-1.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.133.40
From: Maria Bianchi <mariajoe51@yahoo.com>
Reply-To: Maria Bianchi <mariajoe51@yahoo.com>
Subject: Fw: RFQ FOR QUOTATION [UPDATED PRICELIST]
Attachment: PO AND PRICE LIST.lzh (contains "PO AND PRICE LIST.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 18:36:38 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
13 of 31 (41.94%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zao3rxtoyy6ycmayhiuhtxvdyj6mrx62rpp3zsvanxxtgzpvtdzq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar c81db8de6ec63d8130183a2879dea3c27cc8dfda8bdfbccaa06def3365f598f3

(this sample)

AgentTesla

Executable exe 435094ea4af1e6915a87c884a3c5a838de1390e0f517a739e7adcc00febcb1ed

  
Dropping
MD5 e401586cc698a3be39b019688b83ebad
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 435094ea4af1e6915a87c884a3c5a838de1390e0f517a739e7adcc00febcb1ed

Comments