MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 895ebd9aeff0a60c2c7c71ff35ee155c337e8597a43d9014e272987be47bf867. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 895ebd9aeff0a60c2c7c71ff35ee155c337e8597a43d9014e272987be47bf867
SHA3-384 hash: e2c244d30c5d563bd44e5c799f1a365c3f49e0d3eb995634d5e82a9166116edc2545de6c2e42abf5169b82a3f04cddbc
SHA1 hash: a36752063f026c41266ea567904a6525fd464193
MD5 hash: a5ee1729c9ba3aa7c9a0ac013b119a72
humanhash: finch-four-fanta-kitten
File name:Factura.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:524'947 bytes
First seen:2021-01-06 07:16:47 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:43M6menhrbqJ83VXKPVbmhxA4ZVjM/Q+9bJaq7AS6SSv8g:4XmuquVXomNfDGbp7AtN
TLSH 2FB4237070FEDD440BEE51D97F3A7BC084D9878BA88AD9E9DDA32E0740339A8570C465
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 171710.MONOVM.COM
Sending IP: 23.227.203.24
From: Katherine@171710.MONOVM.COM, Alvarez@171710.MONOVM.COM, Guarniz@171710.MONOVM.COM, info@bcainvestors.ml
Subject: FACTURA
Attachment: Factura.rar (contains "U6ODBh62dJ0IYCK.exe")

AgentTesla SMTP exfil server:
mail.chefoowork.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
177
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.603.17069.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/895ebd9aeff0a60c2c7c71ff35ee155c337e8597a43d9014e272987be47bf867/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-01-06 05:37:43 UTC
AV detection:
11 of 46 (23.91%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rfpl3gxp6ctayld4oh7tl3qvlqzx5bmxuq6zafhcokmhxzd37btq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/895ebd9aeff0a60c2c7c71ff35ee155c337e8597a43d9014e272987be47bf867

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 895ebd9aeff0a60c2c7c71ff35ee155c337e8597a43d9014e272987be47bf867

(this sample)

AgentTesla

Executable exe 8ccb27d2627b5288f5eadd11fd64cc8a849bf587bac68d5a6699361c9f0684a5

  
Dropping
MD5 78592c46b3ad4827ec2ee80980488220
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8ccb27d2627b5288f5eadd11fd64cc8a849bf587bac68d5a6699361c9f0684a5

Comments