MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 23cdadd0a6307970d094be1bc084a03e6c9769e3c857fc999f82fb78e4909ae0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 2



SHA256 hash: 23cdadd0a6307970d094be1bc084a03e6c9769e3c857fc999f82fb78e4909ae0
SHA3-384 hash: 99aa47d6888764e47eb0a8da0d11ad6d3d931a5f06c89c2a605f47a4e7ddd6bfc41e54ac982c956a26269dbf669c9e3a
SHA1 hash: 2dfe614c0e989bda8457b0a07d30ab2d99cb2727
MD5 hash: 92cec2f38bbfd276132c835fe4a4f9fe
humanhash: aspen-eight-minnesota-mockingbird
File name: MM205LTVMNORIN000837.7z
Signature: AgentTesla
File size: 285'069 bytes
First seen: 2020-05-27 11:42:30 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:x+Cn/oiePJvZUu/PPPKsTbV6ro33c6fF1C3e9JgfcnKbfm9:xH//eP0ufHTbVgo33dIO9mfna9
TLSH: 4054234C7335EA355470BE82953A17BB72CD994A6193DF234F0EC732E61CAE825EC621
Reporter: abuse_ch
Tags: 7z AgentTesla


abuse_ch
Malspam distributing AgentTesla:

HELO: server.linux97.papaki.gr
Sending IP: 78.46.77.164
From: Aleksandrs@ajlogistics.lv
Reply-To: logistics <c.heesakkers@tajlma-europe.com>
Subject: Fwd: RE: saraksts 27/5/2020
Attachment: MM205LTVMNORIN000837.7z (contains "MM205LTVMNORIN000837.exe")

AgentTesla SMTP exfil server:
mail.pluszfm.ro:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Agensla
Status: Malicious
First seen: 2020-05-27 12:34:09 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 17 of 48 (35.42%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    zip 23cdadd0a6307970d094be1bc084a03e6c9769e3c857fc999f82fb78e4909ae0 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments