MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef677a9d57271377d545f52a8145e8b9b867ff811b11dfdf6a2ceee2744dfc5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ef677a9d57271377d545f52a8145e8b9b867ff811b11dfdf6a2ceee2744dfc5a
SHA3-384 hash: e6fbeadbbb79d54ddd4dd3535073fb0fe7943ed8bb5c6d2367bc637edd22be9af45caaf4e53cae93dcfaca0da714003f
SHA1 hash: 9e74c3e65966cde90cfa052607c63abc96c23247
MD5 hash: 9f5c5b185db71c2cdfed041f17026310
humanhash: lithium-ten-papa-stream
File name:Remain outstanding payment invoice.Ala Eddine Boukhzar.pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:382'548 bytes
First seen:2020-07-16 06:18:40 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:3A988vEBC8CbEJHEX4iCEzkYZGQgIIWx2RhBYNLRCbngo9Yqep3IvHOW:3A+8vmCvIJH3EAYwBIZxUBYNLRCc1qea
TLSH 078423B70235A61A64B2203B5524448BBB85DA2170F77013E692305FDEE4FDB46BDCAF
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: brookplast.com
Sending IP: 209.58.149.70
From: Riyaz Ahmed<riyaaz@brookplast.com>
Subject: Fw: outstanding payment EUR2 Invoice with SOA
Attachment: Remain outstanding payment invoice.Ala Eddine Boukhzar.pdf.gz (contains "Remain outstanding payment invoice.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ef677a9d57271377d545f52a8145e8b9b867ff811b11dfdf6a2ceee2744dfc5a/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 06:20:11 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=55txvhkxe4jxpvkf6uvicrpixg4gp74bdmi57x3kftxoe5cn7rna._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz ef677a9d57271377d545f52a8145e8b9b867ff811b11dfdf6a2ceee2744dfc5a

(this sample)

AgentTesla

Executable exe b4f20fdfdb4f4e477ae4a2c5edb89d474914a29a0244c8abb6b69eadc534ef5b

  
Dropping
MD5 ca9d362d5fa055a3e978a1e6c7ba4371
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b4f20fdfdb4f4e477ae4a2c5edb89d474914a29a0244c8abb6b69eadc534ef5b

Comments