MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a16c0bb267964520e422d494d9497ded2c2ba5431c0169939bc0855e3c6e8b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8a16c0bb267964520e422d494d9497ded2c2ba5431c0169939bc0855e3c6e8b9
SHA3-384 hash: 94215e18ee0dd45297c9f5b1d5afef0d59b14ddf8fead5c33fa4e51de8a84cf746f06ca32e1bdde62e402923523912d0
SHA1 hash: 2a04b46173f3546d7e7c3a581d10ddb8b55825b9
MD5 hash: fafce2f554e7fe9676ae8098b13826c1
humanhash: missouri-red-magnesium-paris
File name:Invoice Packing.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:627'858 bytes
First seen:2020-10-16 12:54:43 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:0IqPKfy9t8zRLvUuwIgexFLzdiaUWaNWTmvRUUxf+ySGI5UpVv0:0k6jjKgefz4aUWmA6lSGI+M
TLSH 30D423E8E239DE6D2101D95498EF64137E0AF2D883D2BCCE88C84C99F4D4D53D9466EB
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 162-144-89-139.webhostbox.net
Sending IP: 162.144.89.139
From: vsb <vsb@tassgroup.com>
Subject: Re: Invoice & Packing List
Attachment: Invoice Packing.zip (contains "Invoice & Packing.exe")

AgentTesla SMTP exfil server:
mail.teleflo.co.in:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Packed2.42621.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.24016.ZipHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.21103.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8a16c0bb267964520e422d494d9497ded2c2ba5431c0169939bc0855e3c6e8b9/
Threat name:
Win32.Trojan.Zmutzy
Create hunting rule
Status:
Malicious
First seen:
2020-10-16 10:52:53 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rilmbozgpfsfedscfveu3fex33jmfosughabngjzxqefly6g5c4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8a16c0bb267964520e422d494d9497ded2c2ba5431c0169939bc0855e3c6e8b9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 8a16c0bb267964520e422d494d9497ded2c2ba5431c0169939bc0855e3c6e8b9

(this sample)

AgentTesla

Executable exe 50ac2894b8dd67fe9225dd4fb78310ac56dbb103d425d596025e70d686952d0c

  
Dropping
MD5 d29e7c388da28f4c695d894a8a4e8fef
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 50ac2894b8dd67fe9225dd4fb78310ac56dbb103d425d596025e70d686952d0c

Comments