MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ffd432e1a16c345135426685cb96b262976ea9b8c65d5ec17e211481e42b5e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8ffd432e1a16c345135426685cb96b262976ea9b8c65d5ec17e211481e42b5e1
SHA3-384 hash: 0a44ee93901f318b3710390d1a0011e1003f19bf3f25a68a5dd2129edd9b7699d098865cfa37164be0b069d3e25cd220
SHA1 hash: 8f8881fad1964e38afda44099fb27df2d71407dc
MD5 hash: 33f2cdd9f54a5085b29c6261c68ba365
humanhash: muppet-october-zebra-one
File name:MARIEL SRL PURCHASE ORDER_PDF.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:419'363 bytes
First seen:2020-05-11 14:49:23 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:cFD+emeQ8xErcK21pOEjuJqMAqDK5cs5pnka+r:cFDZmsmQ7pSrDXs5pnkP
TLSH FA9423638E8290E653FA4538C0E3DFAC503149D6EC84BD5FB550E0D6E7EA00C4DAA4ED
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: j0j40j2k.ni.net.tr
Sending IP: 185.95.86.158
From: Antonella Sciara - Mariel Srl <sales3@mariel.it>
Subject: MARIEL S.R.L. PURCHASE ORDER
Attachment: MARIEL SRL PURCHASE ORDER_PDF.gz (contains "MARIEL SRL PURCHASE ORDER_PDF.exe")

AgentTesla SMTP exfil server:
mail.smilesmedicstomatology.co.tz:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 15:37:12 UTC
AV detection:
21 of 31 (67.74%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=r76uglq2c3buke2uezufzolleyuxn2u3rrs5l3ax4iiuqhscwxqq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 8ffd432e1a16c345135426685cb96b262976ea9b8c65d5ec17e211481e42b5e1

(this sample)

AgentTesla

Executable exe 3738fc108c0b735d09b548a5b53e6f851d25c1a04058d965285224980372b5fc

  
Dropping
MD5 9742f77a4866fdb1108fa44764ad7652
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3738fc108c0b735d09b548a5b53e6f851d25c1a04058d965285224980372b5fc

Comments