MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c2c2528720834089925f584d094a2b35e2450d0af9020aae081a46d4c84f4b0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8c2c2528720834089925f584d094a2b35e2450d0af9020aae081a46d4c84f4b0
SHA3-384 hash: c7205c19d6be5ab014a0f034b9cad966ef7692d17a13d1e86c041475f28c2a8e812b1f1066988f342556b07ee5b78a32
SHA1 hash: d6036584cbd8bdd5333df8dc60ac491b64ccbdf4
MD5 hash: dea56a6ec733a66ef9a3d5d6994a1fbc
humanhash: venus-neptune-freddie-ceiling
File name:MV PAVINO.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-05-01 14:31:18 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:3PCganNhay4uabenG9Z5JojN7Xmzv1II2CE8sMYblQVM15Mtns0UDlBBG1qEHGE:Nannay4uadZQmKiEuIm4WtxUBBBdw
TLSH 32451245E69280F7E1AB02F10C7C1E639AE49D1515F49A0B3B7C7D6C7F3325A221F62A
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: box.vacuumcleanerservicecentre.co.uk
Sending IP: 104.168.219.118
From: Vungtau Ocean Shipping Agency <mail@vacuumcleanerservicecentre.co.uk>
Subject: Re: REQUEST FOR QUOTATION// MV PAVINO TRADER
Attachment: MV PAVINO.IMG (contains "MV PAVINO.exe")

AgentTesla SMTP exfil server:
mail.kingstoncomplex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Soft32downloader-6691270-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Waldek
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 13:55:21 UTC
File Type:
Binary (Archive)
Extracted files:
49
AV detection:
14 of 30 (46.67%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rqwckkdsba2argjf6wcnbffcwnpciugqv6icbkxaqgsg2tee6sya._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 8c2c2528720834089925f584d094a2b35e2450d0af9020aae081a46d4c84f4b0

(this sample)

AgentTesla

Executable exe 4a37a38711e333170654b8a7f194d33b65a31f573a99db3ea52c3a14bd8a053c

  
Dropping
MD5 c3f3d70542abeccc1dc0f24142394003
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4a37a38711e333170654b8a7f194d33b65a31f573a99db3ea52c3a14bd8a053c

Comments