MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a327e30b79b9e87cac1e00cec5b25b200aa3c46872ef62e899be14204d436cdb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a327e30b79b9e87cac1e00cec5b25b200aa3c46872ef62e899be14204d436cdb
SHA3-384 hash: f6d23d9f5d04282af326f51bcda91fd5c442e2370acb90d39360f8431078f72a5064cc49004d9f252eca158d79c8d550
SHA1 hash: c7b184cdd89ce78b75783ad005451e1a948d5851
MD5 hash: e016858f39199a8058109fc9f2b4b877
humanhash: east-kentucky-batman-oxygen
File name:PI.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:381'573 bytes
First seen:2020-07-01 09:25:18 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 6144:lQBOj5HtCZey8jzEIAgLTcXolcV/IQ+fbF03PM9lrNi9VEGO4366eV5aEkDa2XcH:lQm5PjTTcYCrX3PMXUmx5axvcPwkEi
TLSH BC84237A4442F053742E8FAD77E5490E43F5570821AB1987CFAD2F24FA22E7B5A3844A
Reporter abuse_ch
Tags:AgentTesla r00


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: rikkicann.com
Sending IP: 103.99.2.4
From: <rikki@rikkicann.com>
Subject: RE: CONFIRM PI
Attachment: PI.r00 (contains "PI.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Rogue.0hr.20200701-1602.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a327e30b79b9e87cac1e00cec5b25b200aa3c46872ef62e899be14204d436cdb/
Threat name:
ByteCode-MSIL.Infostealer.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-07-01 09:27:04 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=umt6gc3zxhuhzla6adhmlms3eafkhrdiolxwf2ezxykcatkdntnq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 a327e30b79b9e87cac1e00cec5b25b200aa3c46872ef62e899be14204d436cdb

(this sample)

AgentTesla

Executable exe 6660441f4bca1fd56cde7ebc7ba7e5707fb5273cac9d2ab9ac17f2e99b23279a

  
Dropping
MD5 bbeba755f652bd8a4f97787ca09b9d22
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6660441f4bca1fd56cde7ebc7ba7e5707fb5273cac9d2ab9ac17f2e99b23279a

Comments