MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d119803d01cdec1adc2cb62bba969c44313c0f16a740c9d2405b85cc0289d53. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8d119803d01cdec1adc2cb62bba969c44313c0f16a740c9d2405b85cc0289d53
SHA3-384 hash: 72b3754713de0ba4d1cc4790693ee68793613f1c37653916b276203efdf304413c18900458a74a6cf9497725bd43ae9a
SHA1 hash: db63161f9b9a48aa184e94b834cf391712e9490d
MD5 hash: 11dbaeaa5887d41e0445211291226bbb
humanhash: steak-lima-video-twenty
File name:signed_19272.zip~18 KB 2.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:480'033 bytes
First seen:2020-11-26 06:47:20 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:IS92gNirTVzc39hKc5V3OkseNt7tL0PLCMdVCp8V0ZB:IIhGpYH50st0PLjkFZB
TLSH 6DA423C0E4EE61912FEABB7FCF8BADA589907C2D976D1C884B3815016D15717DB08D32
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: webmail.cyber.net.pk
Sending IP: 203.101.175.37
From: MANAGEMENT <javaid@cyber.net.pk>
Subject: RE:Signed_document for urgent_shipment..
Attachment: signed_19272.zip~18 KB 2.zip (contains "signed_19272.zip(~18 KB) (2).exe")

AgentTesla SMTP exfil server:
mail.alsayyadi.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
136
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8d119803d01cdec1adc2cb62bba969c44313c0f16a740c9d2405b85cc0289d53/
Threat name:
Win32.Trojan.Ursu
Create hunting rule
Status:
Malicious
First seen:
2020-11-26 06:48:06 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ruizqa6qdtpmdlocznrlxkljyrbrhqhrnj2azhjeaw4fzqbitvjq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 8d119803d01cdec1adc2cb62bba969c44313c0f16a740c9d2405b85cc0289d53

(this sample)

AgentTesla

Executable exe 5f40f0eb593f0202c8bf43fee6520149a951ced26c299bb7cdceb423e7422a27

  
Dropping
MD5 efc1b8e9f7c1d679f1f4697ab72b658d
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5f40f0eb593f0202c8bf43fee6520149a951ced26c299bb7cdceb423e7422a27

Comments