MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0786e95cd6675bba78c4b4c676100a94c5a442907194086225fbf5cfc75fb82b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0786e95cd6675bba78c4b4c676100a94c5a442907194086225fbf5cfc75fb82b
SHA3-384 hash: c3107219968f2dfd94385b9b22e08bceff7c10f36f0fe3f212ca284f0fe9555b53f979cbea2db4e7ca85c5bda0c14a89
SHA1 hash: fef645e5579b7d0faab9883fe8c9b85174361050
MD5 hash: c42c784a1b75d577a32ac19dfcd9e363
humanhash: indigo-early-eighteen-violet
File name:INQUIRY ORDER.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:543'638 bytes
First seen:2020-08-17 13:43:10 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:7rTBIm1A8oLQYMROsXIbk5MWgBcRq33RDz0AjpG3:XTBIm1j6QMs4bmQBeqRMAjK
TLSH C1C423EDD1C27A844208A4B3B7B9D7F614768AF6B705A7445C5329DFAACF05F2B0C086
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: xv20.520.pinotvineryms.cf
Sending IP: 167.172.54.121
From: MS ATIKAH <sales@520.pinotvineryms.cf>
Reply-To: katharina.daehn@enserv.org
Subject: MULTI-IMPACT/INQUIRY ORDER
Attachment: INQUIRY ORDER.gz (contains "INQUIRY ORDER.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0786e95cd6675bba78c4b4c676100a94c5a442907194086225fbf5cfc75fb82b/
Threat name:
Win32.Trojan.Skeeyah
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 13:45:06 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=a6dosxgwm5n3u6gewtdhmeakstc2iquqogkaqyrf7p247r27xavq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0786e95cd6675bba78c4b4c676100a94c5a442907194086225fbf5cfc75fb82b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 0786e95cd6675bba78c4b4c676100a94c5a442907194086225fbf5cfc75fb82b

(this sample)

AgentTesla

Executable exe 7934952312dc626e77d742efdcd3957a1c86daddcba56b3e66a94f48b03c736a

  
Dropping
MD5 295848aa7088ff69e8ee0ec5eb6983ba
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7934952312dc626e77d742efdcd3957a1c86daddcba56b3e66a94f48b03c736a

Comments