MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b725056d381d4fcdf425ba985e32e6ee054c7e9fdd7b649d96bc30117f5d8dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8b725056d381d4fcdf425ba985e32e6ee054c7e9fdd7b649d96bc30117f5d8dd
SHA3-384 hash: 166e9c664903ef71e7152042eb042e256b0ef6d335a7b876cd2bc761ca8bb290d7adbe99eb7957cf3d7f64c0da40a32a
SHA1 hash: d6ba2745479a33753b9e246ab914e03519dfeff8
MD5 hash: 4d31a4f27175b1b7286c12fdc1c856b2
humanhash: maryland-floor-freddie-nebraska
File name:KRA202015840883.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:646'649 bytes
First seen:2020-08-04 11:11:34 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:IyggSc4Fn+JR8GTRDG5tiUoQI3DyyW8I6Ty8VciK7RWjClLOn/1Y:WI4gJaGTRS+8I7y8Vxv2E9Y
TLSH 4CD42381295C8E751DF1EE6A4857E0D9488B09D242B78CAD61FB23E3F8D875E39C035B
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

From: admin.itax2@kra.go.ke
Reply-To: admin.itax2@kra.go.ke
Subject: Acknowledgement of Income Tax PAYE Return for Return Period 01/07/2020 to 31/07/2020
Attachment: KRA202015840883.rar (contains "KRA202015840883.exe")

AgentTesla SMTP exfil server:
mail.pkfpmes.co.ke:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8b725056d381d4fcdf425ba985e32e6ee054c7e9fdd7b649d96bc30117f5d8dd/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-04 11:13:09 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rnzfavwtqhkpzx2clouylyzon3qfjr7j7xl3msoznpbqcf7v3doq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/8b725056d381d4fcdf425ba985e32e6ee054c7e9fdd7b649d96bc30117f5d8dd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 8b725056d381d4fcdf425ba985e32e6ee054c7e9fdd7b649d96bc30117f5d8dd

(this sample)

AgentTesla

Executable exe 16853eb4cd97f93ef51bcad6492d6874c54e86f98009b977254decac05070fd2

  
Dropping
MD5 eb815f5ca33030272ffddd2b5a2b5b08
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 16853eb4cd97f93ef51bcad6492d6874c54e86f98009b977254decac05070fd2

Comments