MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 daa89ae6dfe1a6281bf795cf58513b11314b2f5b28267faa87b65f20daeae8a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: daa89ae6dfe1a6281bf795cf58513b11314b2f5b28267faa87b65f20daeae8a6
SHA3-384 hash: 2970fe58e10b066f3bf3fd6c56fd62d5baef85a91d4a1552e6b8bc00e8b3386f021a02da7519506bbfc6c734e14f73fe
SHA1 hash: fa4d29b34073439b2131697417c498d4b809a92f
MD5 hash: 8a92e008195fe533eabf3c3907d109c9
humanhash: sad-muppet-stream-december
File name: Purchasing Lists.pdf.z
Signature: AgentTesla
File size: 505'166 bytes
First seen: 2020-07-29 14:43:47 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 12288:ZGTWKPGHFo0w8Hdz2GBzlvW3uIQawKfyEE0aU9:Z2WJ3w89z2eiRBwelEi
TLSH: 6FB423F71D612C59A2A3972C3BDE173A0288AD4343A37E8C4E69F596041795B3F8F099
Reporter: abuse_ch
Tags: AgentTesla, z


abuse_ch
Malspam distributing AgentTesla:

HELO: mail.environment.go.ke
Sending IP: 41.89.1.174
From: Chief Administrative Secretary <cas@environment.go.ke>
Subject: Re: Searching for supplier
Attachment: Purchasing Lists.pdf.z (contains "Purchasing Lists.exe")

AgentTesla SMTP exfil server:
mail.retramtrading.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z daa89ae6dfe1a6281bf795cf58513b11314b2f5b28267faa87b65f20daeae8a6 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
