MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ffedf5e468337d6420f1f3f701222dd2578474ebb2efbd545430560558b12d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8ffedf5e468337d6420f1f3f701222dd2578474ebb2efbd545430560558b12d3
SHA3-384 hash: bab4571ca27c67e1d86225cc009f1138c7c885bc11f6f353b29f44eeef67301dfa42f1fb7fc074ca27461d04fd543a12
SHA1 hash: ec9807db0d14694d8b3ecc31be51d4f94670b8ff
MD5 hash: 0e3bba87f2463f2ce5365e92d54842a1
humanhash: steak-virginia-violet-london
File name:ORDER NO. DC08021.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:546'410 bytes
First seen:2020-08-03 07:15:00 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:aIUF2E2ricvX3v7ojw6YX9pLeC4El7HJIBn+L2M:ajF2E2xQYPh4E5HSUv
TLSH F5C42385F3192939602B2B3E7FB469A9B754BD3C90188CC5D8DC8B845F3C1377A19927
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: scorpio.atomiclayer.com
Sending IP: 96.125.179.170
From: Sce. Export <export@mp-transport.ma>
Reply-To: costamagnaluciiano@gmail.com
Subject: INQUIRY - ORDER NO. DC/0802/1
Attachment: ORDER NO. DC08021.rar (contains "ORDER NO. DC08021.exe")

AgentTesla SMTP exfil server:
mail.kohinoorribbon.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
57
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8ffedf5e468337d6420f1f3f701222dd2578474ebb2efbd545430560558b12d3/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2020-08-03 07:16:09 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=r77n6xsgqm35mqqpd47xaerc3usxqr2oxmxpxvkfimcwavmlcljq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8ffedf5e468337d6420f1f3f701222dd2578474ebb2efbd545430560558b12d3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 8ffedf5e468337d6420f1f3f701222dd2578474ebb2efbd545430560558b12d3

(this sample)

AgentTesla

Executable exe 7d45448bfe8b015e4c529ea7c1898c7a311d8ce42eb208957113735c5b750335

  
Dropping
MD5 d45c4fed12f1ff0cc6332b1141d0b435
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7d45448bfe8b015e4c529ea7c1898c7a311d8ce42eb208957113735c5b750335

Comments