MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0cb25e4bca1ccec5ca494a9b5cfd2b64569bd2438f70691e0dcbba5a0086bd23. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0cb25e4bca1ccec5ca494a9b5cfd2b64569bd2438f70691e0dcbba5a0086bd23
SHA3-384 hash: f6c2b9e724323ea41bc3320c04434033c9590c5897f68596c3708de5919f5a22eebc9db198a6c3bc30f850af513a64d5
SHA1 hash: 307aecec528cc088696e0bc30d22f9f5c52139af
MD5 hash: 64df800336688e78d9f4ab2e9f2845e4
humanhash: lamp-romeo-steak-emma
File name:Company Profile.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:607'896 bytes
First seen:2020-08-14 10:09:34 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:K3lNT3H85PNsRth58L402Sbptis6ZPk+9oM7OUMiQeYAA2j+QEoVUKhUXJJ:K3LX85+RthKL402StHIPk+9F7OdSA2BG
TLSH CAD423A63888DB451E92C32F7D01A9F45E4CB80FB7A953E19C6F70B1C96B48D8E0CA54
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: acteusgroup.com
Sending IP: 45.143.222.105
From: Alex Yeong <alex.yeong@acteusgroup.com>
Reply-To: Email ADMIN <noreply@domain-admin.com>
Subject: RFQ #1657 (MSA)- Price Inquiry
Attachment: Company Profile.rar (contains "Company Profile.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0cb25e4bca1ccec5ca494a9b5cfd2b64569bd2438f70691e0dcbba5a0086bd23/
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2020-08-14 10:11:04 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bszf4s6kdthmlssjjknvz7jlmrljxusdr5ygshqnzo5fuaegxurq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/0cb25e4bca1ccec5ca494a9b5cfd2b64569bd2438f70691e0dcbba5a0086bd23

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 0cb25e4bca1ccec5ca494a9b5cfd2b64569bd2438f70691e0dcbba5a0086bd23

(this sample)

AgentTesla

Executable exe 4843c3600fa75fd8e78f04641b3fc363a3ae5e453ecd72a1e7b8b6c25408e376

  
Dropping
MD5 0d225d65406249e78cded471a73c8742
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4843c3600fa75fd8e78f04641b3fc363a3ae5e453ecd72a1e7b8b6c25408e376

Comments