MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8bf17bd8c47ef33becaf456f9280932a6e14c201168a4b5205129388c3ba452. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: f8bf17bd8c47ef33becaf456f9280932a6e14c201168a4b5205129388c3ba452
SHA3-384 hash: cb191c48abc2683e90ad14759c957f5e2db1f0deaffaabc45ffb141ebe3061dea263d5b52f88c19b42c93eaf014e4b31
SHA1 hash: c6a24859049dfffa2b3659628060e047767bab48
MD5 hash: bbe0e624036d4590b29b35063eb60549
humanhash: wyoming-eighteen-fifteen-carolina
File name: PO-333063783-sn-997588983y3.7z
Signature: AgentTesla
File size: 429'937 bytes
First seen: 2020-06-18 05:37:50 UTC
Last seen: Never
File type: 7z
MIME type: application/x-rar
ssdeep: 12288:2SpfzKKMQYbBGvUL0cbZ0lUqgD5ZVl/rh6LrMQXa:2SFzKKMrovULXlZVl/rh6MQq
TLSH: 4B9423F54A299CCBF6A37CBC1B5D141C96BCCE261BB40F5DC00A945A77A8011A93D8EB
Reporter: abuse_ch
Tags: 7z AgentTesla COVID-19


abuse_ch
Malspam distributing AgentTesla:

HELO: mail.vpstart.com
Sending IP: 136.228.128.29
From: Lee Seo <L.seo@krones.com>
Reply-To: Lee Seo <nurdan.ozirneks@gmail.com>
Subject: Sample PO: COVID-19 Impact on Global Autism Spectrum Disorder Market Size, Share, Trends and Forecast 2020-2026!99
Attachment: PO-333063783-sn-997588983y3.7z (contains "PO-333063783-sn-997588983y3.exe")

AgentTesla FTP exfil server:
ftp.aydangroup.com.my:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Agensla
Status: Malicious
First seen: 2020-06-18 05:39:03 UTC
AV detection: 21 of 31 (67.74%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z f8bf17bd8c47ef33becaf456f9280932a6e14c201168a4b5205129388c3ba452 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
