MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b0c8a9ba29e509269618747b36223a1ca0e47c3a6cd4a11b2d5ddb1aede7c03. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0b0c8a9ba29e509269618747b36223a1ca0e47c3a6cd4a11b2d5ddb1aede7c03
SHA3-384 hash: 26686381984bbd5e42ef332f5bebce0f4b14596c695589c7d2bc760cceb4b16982ce488c9e8b2482c9bdac96a94f8782
SHA1 hash: 66b088e8842de640e824ec8aacb24024ee77ce0a
MD5 hash: f0b5b0a234cb9ab4248a8bc04a28b5a1
humanhash: uranus-nine-kentucky-alpha
File name:AICSADPT-951QTN-003BBMSfh.cab
Download: download sample
Signature AgentTesla
Create hunting rule
File size:575'800 bytes
First seen:2020-05-25 07:53:21 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 12288:ptcFCF5MMF+vvOqXIAT16ZWx52QF403uSrNeew+PcSRFB9F:IFCFquivI+6Zq/FZ3u6pwWRv
TLSH 6AC423AC88FBC1A9A1BE071A6F7CD97205A4B5A7E7A407439492C0FB30DF90C09DD567
Reporter abuse_ch
Tags:AgentTesla cab


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: efco-dueren.de
Sending IP: 209.58.149.66
From: Faiz Farouk <sales@efco-dueren.de>
Subject: AICS/AD/PT-951/QTN-003/BB/MS/fh
Attachment: AICSADPT-951QTN-003BBMSfh.cab (contains "AICSADPT-951QTN-003BBMSfh.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.LuheMalumA.12985.16793.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 10:17:39 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
25 of 48 (52.08%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

cab 0b0c8a9ba29e509269618747b36223a1ca0e47c3a6cd4a11b2d5ddb1aede7c03

(this sample)

AgentTesla

Executable exe 5331c0d3bca792163c516ede19eef0b09e4f30ebe1299e83c9d0ca9b1701632b

  
Dropping
MD5 083d425a8ef67547447203cccb427068
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5331c0d3bca792163c516ede19eef0b09e4f30ebe1299e83c9d0ca9b1701632b

Comments