MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8dc6411a2f0c403cc2c76d8436f432f856b86f5706e5f3ea8a380ff46d6c798. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b8dc6411a2f0c403cc2c76d8436f432f856b86f5706e5f3ea8a380ff46d6c798
SHA3-384 hash: e01bdab84341ce3b015e49e9ac9e6935bff1a2b68ae9ba7bbfb29eae89db8779f2485d83773d743738dd2a7af0b1856a
SHA1 hash: 7c41b0a562c439d3c4bbd3f76780091c685b7ddf
MD5 hash: 80f0b526a01df55b3f985ac890a5113a
humanhash: mars-autumn-twelve-robin
File name:Sample MOQ10000pcs.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:417'423 bytes
First seen:2020-06-15 12:42:43 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:iWBLWUDRugDJ6Nbx4sdG3NCMti3c1sidFNWJG/D7IMTm0Cav4PhxmMvPB81z5uPR:TW6AisdCJtJsimG/DobawpxdPB85kuyp
TLSH 849423B791EE3E3AEA4B5D7EA6C789C5B99438F3807079C559C28118E366D36150CCCC
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: hwc-hwp-5529510
Sending IP: 23.254.230.113
From: Damir Tokić <sigrun.weimann@berny.ba>
Subject: AW: REQUEST FOR PRICES - PO:No. 90058319
Attachment: Sample MOQ10000pcs.zip (contains "( RFQ_30860 and PO_466821 ).exe")

AgentTesla SMTP exfil server:
mail.ab-care.eu:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.80fc162f354d28e3.20640.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 09:31:36 UTC
AV detection:
30 of 47 (63.83%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xdogienc6dcahtbmo3meg32df6cwxbxvobxf6pviuoap6rwwy6ma._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip b8dc6411a2f0c403cc2c76d8436f432f856b86f5706e5f3ea8a380ff46d6c798

(this sample)

AgentTesla

Executable exe f009829f5156e5d96ee75af50dfadeaf75bcbc59d946b2a0658aa2c6e22fc1a7

  
Dropping
MD5 a5ca0db26a0e49c4a7159eaeaafc0c21
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f009829f5156e5d96ee75af50dfadeaf75bcbc59d946b2a0658aa2c6e22fc1a7

Comments