MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8fe13da02d8d81bee62c2bf88ed6f6b6108755d7f209e1e6ac473bc38cc63951. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8fe13da02d8d81bee62c2bf88ed6f6b6108755d7f209e1e6ac473bc38cc63951
SHA3-384 hash: 59af53aa86effc5d83a70f8ffc04ed8b64741a9818524a26c1975b64a00ab457542b470f90a0f5c5597ff5702904bc3e
SHA1 hash: 684ff1b45f0bcb0df3944ee20c9c368ae85b5ee5
MD5 hash: 3ecf05e6579eeb2ce14709a40810da7d
humanhash: juliet-alabama-utah-delaware
File name:PDF.New order_July.PDF.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-07-09 12:12:49 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:NWFOYWIKKoDSHNRe5ldJZn7HszZNmp/acTaulCSRO6:wC4HmZZnTszWp/LTESR
TLSH 0C4502B172984F62F9B00BF5697554804FF87C0B15B2D69EBDC930CA2A72F845921F2B
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: v238211.serveradd.com
Sending IP: 101.100.238.211
From: C.R.I Pump (Admin) <corp@cripumps.com>
Reply-To: dirstil98@gmail.com
Subject: Re: QUOTE FOR C.R.I. PUMPS
Attachment: PDF.New order_July.PDF.img (contains "PDF.New order.exe")

AgentTesla SMTP exfil server:
mail.orientalkuwait.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Fareit-FWJB4A67408BAC8.3423.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8fe13da02d8d81bee62c2bf88ed6f6b6108755d7f209e1e6ac473bc38cc63951/
Threat name:
ByteCode-MSIL.Trojan.Masslogger
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 08:52:11 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=r7qt3ibnrwa35zrmfp4i5vxwwyiiovox6ie6dzvmi454hdgghfiq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 8fe13da02d8d81bee62c2bf88ed6f6b6108755d7f209e1e6ac473bc38cc63951

(this sample)

AgentTesla

Executable exe 9886dbd251a349a2675e4b0bd53a0b24bed7858541d955f0c7449c6a5e15e4ee

  
Dropping
MD5 b4a67408bac84f6f0280dd23ca072ed0
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9886dbd251a349a2675e4b0bd53a0b24bed7858541d955f0c7449c6a5e15e4ee

Comments