MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce8bdb56afe559afa70693d3db8f7c7fc0389f4bd8d5ee1f0c33875447070ea5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ce8bdb56afe559afa70693d3db8f7c7fc0389f4bd8d5ee1f0c33875447070ea5
SHA3-384 hash: 724c45314f028d30d302864871e51639daa56f1fdaa6d8299eab25f10e3667e2fd232d65ad893695e06b562b1bae313c
SHA1 hash: 746b210a31872ba959071c65b854ce3f30c32801
MD5 hash: abf2953f215b2dba165d40f5386c4390
humanhash: lactose-queen-spaghetti-april
File name:AlibabaContract_July_2020.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:429'366 bytes
First seen:2020-07-07 17:26:02 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:+CdsjVbIG9qWTqn1GraXAKdXOJiJeO8mUbhRJo/8l7XiPgy4T3OtlXnen4cowzXC:+CxcWXr05OfUbhRyGFfT3mYPolox7UIc
TLSH 4D9423C2354237BB734BB65D54ED021F23637D4632EF5744868EE39F60660A182BE9C9
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: alibaba.com
Sending IP: 62.141.50.129
From: Austin Petr <austinp@alibaba.com>
Subject: New quote and order
Attachment: AlibabaContract_July_2020.zip (contains "Rev Cont CD20(3) SC# IDM392(20) SC# - DRB.exe")

AgentTesla SMTP exfil server:
retailevaluations.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ce8bdb56afe559afa70693d3db8f7c7fc0389f4bd8d5ee1f0c33875447070ea5/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 17:27:04 UTC
AV detection:
30 of 48 (62.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z2f5wvvp4vm27jygspj5xd34p7adrh2l3dk64hymgodviryhb2sq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip ce8bdb56afe559afa70693d3db8f7c7fc0389f4bd8d5ee1f0c33875447070ea5

(this sample)

AgentTesla

Executable exe 1a74ccf719aa43c97835fd2bd03de4c85d4d4eaad56482b8d4d70e3f8beac769

  
Dropping
MD5 21d3d4a548696aac6bbe682a8e745213
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1a74ccf719aa43c97835fd2bd03de4c85d4d4eaad56482b8d4d70e3f8beac769

Comments