MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9b80304746e3ed70ec58bf5da220d1d45271333c8516cfb4475196d4e6848ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f9b80304746e3ed70ec58bf5da220d1d45271333c8516cfb4475196d4e6848ec
SHA3-384 hash: 039604c2e138026aa865e905b84893a4803ee595b0ff3032d6f7968869ea6ba7e6ad5ae1632feec920424154dbe22bfc
SHA1 hash: 6566915998d66be2b084125b0b4a44929319c4bc
MD5 hash: f356aa11717392c5027041afced30464
humanhash: quebec-high-four-sink
File name:E410B98888.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:590'646 bytes
First seen:2020-07-10 07:04:02 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:GfwpLLWv776JSpTBbFv0sAy/7mZJXO0NmYddN1BV8osVbgx:SwNKT7bF2I70JXp/1/Jm6
TLSH 97C433BD8646D56B8016BA3512C63DF7B384C700BD3B5A21D9EBC0C55299B872F427CB
Reporter abuse_ch
Tags:AgentTesla r00


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: krugerhispana.com
Sending IP: 45.138.172.58
From: Jorge Foret <jorgeforet@krugerhispana.com>
Reply-To: Jorge Foret <jorgeforet@krugerhispana.com>
Subject: RE: Opportunity for Wika products
Attachment: E410B98888.r00 (contains "E410B98888.exe")

AgentTesla SMTP exfil server:
mail.ashpraskills.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f9b80304746e3ed70ec58bf5da220d1d45271333c8516cfb4475196d4e6848ec/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-10 07:05:12 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7g4agbduny7nodwfrp25uiqndvcsoeztzbiwz62eoumw2ttijdwa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 f9b80304746e3ed70ec58bf5da220d1d45271333c8516cfb4475196d4e6848ec

(this sample)

AgentTesla

Executable exe 184f804223ad564aad94a727a9d58543e2d01a308902c95eb328016739938a90

  
Dropping
MD5 4fb67120185f1f35a4ee966dd8673eb7
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 184f804223ad564aad94a727a9d58543e2d01a308902c95eb328016739938a90

Comments