MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97b4faa4dc366412fff002072000a2a075c8ce15c19308a6b2e6244cdf9e160c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 97b4faa4dc366412fff002072000a2a075c8ce15c19308a6b2e6244cdf9e160c
SHA3-384 hash: f4ec21003e1ed50830df8dd518b3bdf4580ffedfb74b58dbf843d6db1fedaeb941d31db412015a83a61d39da09f3b0d0
SHA1 hash: 31f978c94319cf42737e9781caa85e02df0db940
MD5 hash: bb0e6f9781e5194967006b05ffc2bca7
humanhash: triple-cola-nevada-island
File name:DOH0003675550.pdf.cab
Download: download sample
Signature AgentTesla
Create hunting rule
File size:375'138 bytes
First seen:2020-11-18 12:17:10 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 6144:ZtKUKEA7gZTGDssuF/9nv/egqjOp9K4qi2ip2p3u/kgy2OLegPQkEVXXJb:VBZaDsr/9nvWgL9Bt2ip2p4kgy2O5Qk+
TLSH 7B842377E35B373D5452E36A72237F430BAEBD3858809835F8024A7F065B6BAD8E4446
Reporter abuse_ch
Tags:AgentTesla cab


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: xwx0.319.suaon.ml
Sending IP: 139.59.250.122
From: Ali Al Faqir <info@319.suaon.ml>
Subject: ****PAYMENT REMINDER****
Attachment: DOH0003675550.pdf.cab (contains "DOH0003675550.pdf.exe")

AgentTesla SMTP exfil server:
smtp.fnsst.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Result
Verdict:
UNKNOWN
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/97b4faa4dc366412fff002072000a2a075c8ce15c19308a6b2e6244cdf9e160c/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-11-18 12:18:05 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=s62pvjg4gzsbf77qaidsaafcub24rtqvygjqrjvs4ysezx46cyga._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

cab 97b4faa4dc366412fff002072000a2a075c8ce15c19308a6b2e6244cdf9e160c

(this sample)

AgentTesla

Executable exe b61fd6fa3079321e5231c3bdea1d4894b2de3fb8a8e38c2cb2c3d4754a7da86d

  
Dropping
MD5 5f2dc6138b0d62cb5bba335dac8aed3e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b61fd6fa3079321e5231c3bdea1d4894b2de3fb8a8e38c2cb2c3d4754a7da86d

Comments