MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e8e6826519a8a8aca7500728772400baa04c2a169d4537ccc11c9149214a9b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2e8e6826519a8a8aca7500728772400baa04c2a169d4537ccc11c9149214a9b7
SHA3-384 hash: 269ae58e040409453c17faaa544654d4c6aebca3036c1a5694cf21162e3769f4e0b2dc1cb1ccb875c033a52313d1a573
SHA1 hash: 5a5f755b271077e463f0a18ccccde1d87bf8034c
MD5 hash: 01caa89e31dec2c266f609d2bc5a0397
humanhash: charlie-kitten-hotel-neptune
File name:PO-61763783-sn-997588983y3.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:356'653 bytes
First seen:2020-06-08 19:13:31 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 6144:q4J6E+tIGn/rEqyg19kFDLrYhabNoHcWqqIecW2NOkC7i5gggBI9zMnmaOKk:56btF//D1yjYQbQcW//iOkai5gDI9zME
TLSH 20742367169360F01980BF7B16C562D1FF167D1B93CACDACB8A2E0E16D839C5C6B0B85
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: taghtiran.srv.narganit.com
Sending IP: 91.98.96.133
From: Lee Seo <L.seo@krones.com>
Reply-To: Lee Seo <nurdan.ozirneks@gmail.com>
Subject: Quotation From our customers
Attachment: PO-61763783-sn-997588983y3.7z (contains "PO-61763783-sn-997588983y3.exe")

AgentTesla FTP exfil server:
ftp.autobulbs.com:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27572.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Perseus
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 19:15:07 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=f2hgqjsrtkfivstvabzio4sabovajqvbnhkfg7gmcherjequvg3q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 2e8e6826519a8a8aca7500728772400baa04c2a169d4537ccc11c9149214a9b7

(this sample)

AgentTesla

Executable exe 161e6d54de31fc97d279a764aff5de5280ef2ef2de8b4948aac063a53a5875b5

  
Dropping
MD5 cc0fd5230ca5e6c6752e804154829629
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 161e6d54de31fc97d279a764aff5de5280ef2ef2de8b4948aac063a53a5875b5

Comments