MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9db87a76df868ab4fb47218cf9ee8053f783296f9b5c31640ad2151c744950b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c9db87a76df868ab4fb47218cf9ee8053f783296f9b5c31640ad2151c744950b
SHA3-384 hash: 62ab05dbae939004ff03c3ed790010f91c004c0de8f318467fcc45780d4be4c41c0b282e61e07b89e62fa7c39af27437
SHA1 hash: 665375807c9f410d88f10ca9b0ef63d8dd830f7e
MD5 hash: bb9ef9ad5aec112a98803f01ff1d8409
humanhash: indigo-crazy-lion-magnesium
File name:signed invoice2.ace
Download: download sample
Signature AgentTesla
Create hunting rule
File size:374'935 bytes
First seen:2020-06-18 06:01:16 UTC
Last seen:Never
File type: ace
MIME type:application/x-rar
ssdeep 6144:PjePdVgz1dQ0N3kDPCqpE0nl/d6MBkjmFzbSEn8IVTCl3ttcd:OdOvQ0qPCn0iQkjmFz2a8ITK3XE
TLSH 4784239B447133BB2731D8F7EDF26F29EEC924E6D9E5A51D5D3128F08B449AC4632022
Reporter abuse_ch
Tags:ace AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 162-241-215-159.unifiedlayer.com
Sending IP: 162.241.215.159
From: Sam Chen <sam@cltcl.com>
Subject: RE: Signed Invoice
Attachment: signed invoice2.ace (contains "signed invoice.exe")

AgentTesla SMTP exfil server:
mail.onouniforms.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-06-18 06:03:05 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zhnypj3n7bukwt5uoimm7hxiau7xqmuw7g24gfsavuqvdr2esufq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

ace c9db87a76df868ab4fb47218cf9ee8053f783296f9b5c31640ad2151c744950b

(this sample)

AgentTesla

Executable exe 5014f4c9eeca337120351e1c515e7d6939cebfe138a9f3687427642c147fed19

  
Dropping
MD5 4bc608195fcf40577c3f3e497e6e4331
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5014f4c9eeca337120351e1c515e7d6939cebfe138a9f3687427642c147fed19

Comments