MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e44af95bd819452f2a3fb8651436afdee328378c25e46de321c0419706fef99. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8e44af95bd819452f2a3fb8651436afdee328378c25e46de321c0419706fef99
SHA3-384 hash: 052d05951ffea45fc5b22c355792643b73d3a84cf6bc8d166c46026cf63dabaac4adcdb7fbf0d4dcd00163bfd64d72e5
SHA1 hash: 9e690ba2dab7cf997b9cf3afac1097644b95cbd8
MD5 hash: ede0c9b5ea0fa6b4b928994151d8c9dd
humanhash: artist-oven-cat-harry
File name:PDF-CHASE-ONLINE -DEPOSIT.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:360'095 bytes
First seen:2020-07-10 17:41:36 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:32GjUEFMrvegET5VvleqUbrdAfgd7i+irmc60ETOmOUu/lUQpofIeb+7:32F+T5DEru8ghzaglUQp4ZY
TLSH C97423DCBDB8F072C462528D16E7DC2A1DB24BDEAC4068F1553AE4DA73F85A094E74D0
Reporter abuse_ch
Tags:AgentTesla Chase rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: msr1.hinet.net
Sending IP: 168.95.4.101
From: accounting@sundancenaturalfoodscompany.com
Subject: forwarded today - PDF-CHASE-DEPOSIT
Attachment: PDF-CHASE-ONLINE -DEPOSIT.rar (contains "PDF-CHASE-ONLINE -DEPOSIT.exe")

AgentTesla SMTP exfil server:
mail.saritatravels.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8e44af95bd819452f2a3fb8651436afdee328378c25e46de321c0419706fef99/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-10 17:43:07 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rzck7fn5qgkff4vd7odfcq3k7xxdfa3yyjpenxrsdqcbs4dp56mq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 8e44af95bd819452f2a3fb8651436afdee328378c25e46de321c0419706fef99

(this sample)

AgentTesla

Executable exe 378aec9a36d877a4ed07954bcd9ddb553b52b351277011ea5f735f1d217d043c

  
Dropping
MD5 dcfc337c3179906b5916d0fd775a7c70
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 378aec9a36d877a4ed07954bcd9ddb553b52b351277011ea5f735f1d217d043c

Comments