MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b0bc73b32e3f398f437656c1b2178cf660d20e377e98d56b2a3a754d2ad0799. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 4

SHA256 hash: 8b0bc73b32e3f398f437656c1b2178cf660d20e377e98d56b2a3a754d2ad0799
SHA3-384 hash: 8c0ba49dc037026f15d3c6b987d6535bfd01e07c85eb1f6b078ef43f6a31470cd35adad1be9a4e0dfef10aedb4fc6e0c
SHA1 hash: b5748af7deb280ef8d3d04a5b63444ac23414ddc
MD5 hash: acfd56ace0d13410706691bc92a06381
humanhash: single-five-victor-alaska
File name: Hkempqc6.zip
Signature: AgentTesla
File size: 189'819 bytes
First seen: 2020-11-07 10:24:41 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 3072:NvSa0hhrDOk8H475DY53Liz78ZTyyQ9h++K7IzEtBaHvzpYFY7QIdGI:NvSur1LoqyyG+okctYRm5
TLSH: A2041243FD41910C7C9E9E355128324E8492397D9A42728DEAAC34FA7753EAF3483DCA
Reporter: abuse_ch
Tags: AgentTesla Telegram zip


abuse_ch
Malspam distributing AgentTesla:

HELO: competent-lamport.104-215-113-137.plesk.page
Sending IP: 104.215.113.137
From: Tina zhang <user687@gtoolswebmail.ga>
Reply-To: christinely123@outlook.com
Subject: Quotation Request
Attachment: Hkempqc6.zip (contains "Hkempqc6.exe")
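The indicators in the report above lend themselves to a header-level triage before anyone opens the attachment. The following is an added example written for this page, not abuse_ch's or MalwareBazaar's code: it parses a constructed raw message that reproduces the reported HELO, sending IP, From, Reply-To, Subject and attachment name (the Received line, recipient, body and the base64 payload are made up) and flags three things a plain sender-reputation lookup would miss: a Reply-To domain that differs from the From domain, a HELO hostname that merely embeds the sending IP, and an archive attachment. The function and field names are assumptions of the example.

```python
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Constructed raw message (not the real malspam). It carries the reported
# HELO, sending IP, From, Reply-To, Subject and attachment name; the Received
# line, recipient, body and payload (an empty zip) are made up for the example.
RAW_MALSPAM = b"""Received: from competent-lamport.104-215-113-137.plesk.page (competent-lamport.104-215-113-137.plesk.page [104.215.113.137])
\tby mx.example.invalid with ESMTP id 5aE3C; Sat, 7 Nov 2020 10:20:03 +0000
From: Tina zhang <user687@gtoolswebmail.ga>
Reply-To: christinely123@outlook.com
To: sales@example.invalid
Subject: Quotation Request
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached quotation request.
--b1
Content-Type: application/zip; name="Hkempqc6.zip"
Content-Disposition: attachment; filename="Hkempqc6.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

# First token after "from" in a Received header is the name the client gave in HELO/EHLO.
HELO_RE = re.compile(r"^from\s+(\S+)", re.IGNORECASE)
# The receiving MTA records the observed peer address in square brackets.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
ARCHIVE_EXTS = (".zip", ".rar", ".7z", ".iso", ".img", ".gz")


def _domain(header_value: str) -> str:
    """Lower-cased domain of an RFC 5322 address ('Name <u@d>' or 'u@d')."""
    _, address = parseaddr(str(header_value))
    return address.rpartition("@")[2].lower()


def triage_headers(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and return the indicators a triage
    analyst looks at first. Nothing in the attachment is decoded or executed."""
    msg = message_from_bytes(raw, policy=policy.default)
    from_domain = _domain(msg["From"] or "")
    reply_domain = _domain(msg["Reply-To"] or "")

    helo = sending_ip = None
    received = msg.get_all("Received") or []
    if received:
        # The last Received header is the earliest hop, i.e. the sender's own connection.
        first_hop = str(received[-1])
        m = HELO_RE.search(first_hop)
        helo = m.group(1) if m else None
        m = IP_RE.search(first_hop)
        sending_ip = m.group(1) if m else None

    attachments = [p.get_filename() for p in msg.iter_attachments() if p.get_filename()]
    return {
        "subject": str(msg["Subject"] or ""),
        "from_domain": from_domain,
        "reply_to_domain": reply_domain,
        # Replies routed to a different mailbox than the purported sender.
        "reply_to_mismatch": bool(reply_domain) and reply_domain != from_domain,
        "helo": helo,
        "sending_ip": sending_ip,
        # Generic hosting hostnames often embed the IP with dots replaced by dashes,
        # which is a sign the name carries no reputation of its own.
        "helo_embeds_ip": bool(helo and sending_ip and sending_ip.replace(".", "-") in helo),
        "attachments": attachments,
        "archive_attachment": any(a.lower().endswith(ARCHIVE_EXTS) for a in attachments),
    }


if __name__ == "__main__":
    for key, value in triage_headers(RAW_MALSPAM).items():
        print(f"{key}: {value}")
```

The three booleans together (mismatched Reply-To, IP-derived HELO, archive attachment) are a useful routing signal for a mail gateway or SOAR playbook; none of them alone proves malice, which is why the report's hashes and the vendor verdict still matter.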

Intelligence

File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.Vimditator
Status: Malicious
First seen: 2020-11-06 19:29:20 UTC
AV detection: 4 of 48 (8.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.
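The vendor result above flags a PE inside the zip, and the entry lists the archive's digests. The following added example (written for this page, not MalwareBazaar's or any vendor's code) reproduces both checks offline: it hashes the container with the same digest set the entry shows, verifies a local file against the published SHA256, and identifies PE members by their MZ/PE signature rather than by file extension. The archive and its "Hkempqc6.exe" member are constructed stand-ins, so their digests will not match the entry; run triage_zip on the real download to compare. The size guard and all function names are assumptions of the example.

```python
import hashlib
import io
import struct
import zipfile

ENTRY_SHA256 = "8b0bc73b32e3f398f437656c1b2178cf660d20e377e98d56b2a3a754d2ad0799"


def build_fake_pe() -> bytes:
    """Constructed stand-in: a DOS header ('MZ') whose e_lfanew field at offset
    0x3C points at a 'PE\\0\\0' signature. It is not a runnable binary; it only
    gives the example a PE-looking member to find."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    return dos_header + b"PE\x00\x00" + b"\x00" * 24


def build_sample_zip() -> bytes:
    """Constructed stand-in for Hkempqc6.zip: the .exe member named in the
    report, a harmless text file, and a PE hidden behind a .pdf name so that
    an extension-only check would miss it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Hkempqc6.exe", build_fake_pe())
        zf.writestr("readme.txt", b"quotation request\n")
        zf.writestr("invoice.pdf", build_fake_pe())
    return buf.getvalue()


def is_pe(data: bytes) -> bool:
    """True if data starts with 'MZ' and e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def file_hashes(data: bytes) -> dict:
    """The digest set a MalwareBazaar entry lists for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_entry(data: bytes, expected_sha256: str = ENTRY_SHA256) -> bool:
    """Check a local file against the SHA256 published on the entry."""
    return hashlib.sha256(data).hexdigest() == expected_sha256.lower()


def triage_zip(zip_bytes: bytes, max_member_size: int = 50 * 1024 * 1024) -> dict:
    """Inspect an archive without executing anything: hash the container,
    hash every member, and flag members that are PE files by magic bytes.
    Members whose declared size exceeds max_member_size are skipped rather
    than decompressed (assumed guard against decompression bombs)."""
    report = {"container": file_hashes(zip_bytes), "members": [], "pe_members": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > max_member_size:
                report["members"].append({"name": info.filename, "skipped": "too large"})
                continue
            data = zf.read(info)
            pe = is_pe(data)
            report["members"].append({
                "name": info.filename,
                "size": info.file_size,
                "pe": pe,
                "sha256": hashlib.sha256(data).hexdigest(),
            })
            if pe:
                report["pe_members"].append(info.filename)
    return report


if __name__ == "__main__":
    sample = build_sample_zip()
    rep = triage_zip(sample)
    print("container sha256:", rep["container"]["sha256"])
    print("PE members:", rep["pe_members"])
    print("matches MalwareBazaar entry:", matches_entry(sample))
```

Checking by signature matters because the mail gateway and the user both see only the name "Hkempqc6.exe"; a renamed member with the same MZ/PE layout is still the same dropper once double-clicked through a tool that ignores extensions.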

File information


The information below shows additional context about this malware sample, such as its delivery method and the signatures it is associated with.

Malspam
  AgentTesla
    zip 8b0bc73b32e3f398f437656c1b2178cf660d20e377e98d56b2a3a754d2ad0799 (this sample)
      Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
