MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50807d7699137facae8413e2f377db3658de003615c09ca88d69bf44b41a8e0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 50807d7699137facae8413e2f377db3658de003615c09ca88d69bf44b41a8e0e
SHA3-384 hash: 4ed598bca08ea5175199ae9d074698b2189d5f94f151e919e0fc95e38c95f635b0b561a6cf2713c863c53fcf294aab01
SHA1 hash: db93e0440303814cc707ab61095124f103d6847d
MD5 hash: aa8c5b1b088e7b9a30631ce9b5483414
humanhash: mango-potato-fruit-delaware
File name:Product Catalogue List. docs.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:50'429 bytes
First seen:2021-01-03 10:49:07 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 768:xb3KjeP4wY8uhFr4RNloy0r9SxXi/oHpbvDAZBk+jTIdGeD97mZ:xb3cv9ThFEq39SBbvD4C+PwGeD1s
TLSH 9333F2B25A8D233F6011AA31BDB13D577D193E4844093E31CB25EE63766509177E3BA8
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: smtp1-01.brain.net.pk
Sending IP: 203.128.3.5
From: SALES <amclhr1@brain.net.pk>
Subject: Enquiry/Request For Quote
Attachment: Product Catalogue List. docs.zip (contains "Product Catalogue List. docs.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
231
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.35981188.10276.539.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/50807d7699137facae8413e2f377db3658de003615c09ca88d69bf44b41a8e0e/
Threat name:
Win32.Downloader.Bareps
Create hunting rule
Status:
Malicious
First seen:
2021-01-03 05:21:35 UTC
AV detection:
9 of 47 (19.15%)
Threat level:
  3/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kcah25uzcn72zluecprpg563gzmn4abwcxajzkenng7ujna2ryha._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Dropper
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/50807d7699137facae8413e2f377db3658de003615c09ca88d69bf44b41a8e0e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 50807d7699137facae8413e2f377db3658de003615c09ca88d69bf44b41a8e0e

(this sample)

AgentTesla

Executable exe 5d43da5e931766ec2e0c9b0e880885bb94c1bd2957771eecee7c83efc450dc94

  
Dropping
MD5 af34b14a37bbf709223ea5cd89d7251c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5d43da5e931766ec2e0c9b0e880885bb94c1bd2957771eecee7c83efc450dc94

Comments