MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e2f378359ca3885f551fa0a08d0d9b9b43c2e16e3cd3b68acb9c57a63f1ce15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8e2f378359ca3885f551fa0a08d0d9b9b43c2e16e3cd3b68acb9c57a63f1ce15
SHA3-384 hash: c99d689c36a8782ad8712bf5f13591dccf4b00e610fb40d489f1699d789d48e15f6c0853c197f6a3cf626606feefa362
SHA1 hash: 27c71a8aa329b6722d4a7a560658a3995780b928
MD5 hash: df7782843a072d01f11b1f129f662fe0
humanhash: eight-vermont-sodium-twenty
File name:PO-616542153_PO_ConfirmationCopy65465PDF.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-07-22 09:18:25 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:ENHr2tc8PUm2iNS2MPtwcsQQY7Ko2OSM1yRi2zW9ZWkf:EB8cm1W1AoEM0FIWkf
TLSH 5545AD02FBBC06DDDB1806B5E0355060A7B56A1B67E6D7093BD9F5DC0A22B804713EE7
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.coreforintl.ml
Sending IP: 64.188.22.49
From: Kelvin Pharrel <sam@coreforintl.ml>
Subject: Quotation Referance_2020_22_07
Attachment: PO-616542153_PO_ConfirmationCopy65465PDF.img (contains "PO-616542153_PO_ConfirmationCopy65465.exe")

AgentTesla SMTP exfil server:
mail.kenapens.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8e2f378359ca3885f551fa0a08d0d9b9b43c2e16e3cd3b68acb9c57a63f1ce15/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-22 09:20:08 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ryxtpa2zzi4il5kr7ifarugzxg2dylqw4pgtw2fmxhcxuy7rzykq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 8e2f378359ca3885f551fa0a08d0d9b9b43c2e16e3cd3b68acb9c57a63f1ce15

(this sample)

AgentTesla

Executable exe 5f8d0e5d206e5b37c552b79782a6777edf6e7a9a1c1db8ce324055baba187f4b

  
Dropping
MD5 0faf92001013a74d38b7d43cd4e8292e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5f8d0e5d206e5b37c552b79782a6777edf6e7a9a1c1db8ce324055baba187f4b

Comments