MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b9863f08b577df33d359072483a14ac14e5996e6fec8a63f0f97654445141667. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: b9863f08b577df33d359072483a14ac14e5996e6fec8a63f0f97654445141667
SHA3-384 hash: ecd4de659dee59537802ce791901ac8ae8f1215cadd3a15fb73a86a68a548f8eb66183cb510e45feead613a16d6b6700
SHA1 hash: 64cbe569da566dd269fdc0ebcf3c6066745b1662
MD5 hash: ccbd8b4cd0cdbab792839d7d31485f5a
humanhash: chicken-ack-six-network
File name: Deposit-ScantoFolder_21302020-Pdf.gz
Download: download sample
Signature: AgentTesla
File size: 1'092'743 bytes
First seen: 2020-05-11 08:37:08 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 24576:7VWjBDgGHXtuh7tEbd/EMk2RjMU/1zkUohWZEFoIHPnIY:h8B8GHXtSssMk8J/19GwyvnIY
TLSH: A735337E6A6A3D78D2D61AEA0554E05BCD1102A2E7738C68F0CF0DDBF95F48120AED74
Reporter: abuse_ch
Tags: AgentTesla gz Outlook
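
The entry above reports "File type: gz" next to "MIME type: application/x-rar", and the reporter's comment on this entry notes that the archive wraps Deposit-ScantoFolder_21302020-Pdf.exe. The following triage helper is an added example, not MalwareBazaar's or abuse.ch's tooling: it identifies the container from its magic bytes rather than the extension or reported MIME type, pulls the stored member name out of the gzip header (RFC 1952 FNAME, which Python's gzip module does not expose), checks the decompressed payload for a PE header, flags the "document name outside, executable inside" lure, and computes the same four hashes the entry lists. The sample bytes are constructed inline (a gzip member with that stored name wrapping a fake MZ stub), so the hashes it produces will not match the entry's; the extension and bait-word lists are assumptions.

```python
"""Triage helper for gzip-wrapped executable lures (example code).

The sample is constructed in build_sample(); it is NOT the real
b9863f08... attachment, only a stand-in with the same stored name.
"""
import gzip
import hashlib
import io
import os
import re

# Container magic numbers, checked instead of trusting the extension or the
# reported MIME type (this entry lists "gz" beside "application/x-rar").
MAGIC = {
    b"\x1f\x8b": "gzip",
    b"Rar!\x1a\x07": "rar",
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
}
# Assumed lists: executable extensions and document/finance bait words.
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".dll"}
DOC_BAIT = re.compile(r"(pdf|doc|xls|invoice|payment|deposit|swift)", re.I)


def sniff_container(data: bytes) -> str:
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def gzip_member_name(data: bytes):
    """Return the FNAME field of a gzip header (RFC 1952), or None.

    Layout: ID1 ID2 CM FLG MTIME(4) XFL OS, then optional FEXTRA and the
    zero-terminated ISO-8859-1 FNAME if FLG bit 3 is set.
    """
    if data[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream")
    if data[2] != 8:
        raise ValueError("unsupported compression method %d" % data[2])
    flg = data[3]
    pos = 10
    if flg & 0x04:  # FEXTRA: 2-byte little-endian length, then that many bytes
        xlen = int.from_bytes(data[pos:pos + 2], "little")
        pos += 2 + xlen
    if flg & 0x08:  # FNAME
        end = data.index(b"\x00", pos)
        return data[pos:end].decode("latin-1")
    return None


def hashes(data: bytes) -> dict:
    """The four digests MalwareBazaar lists for a sample."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha3_384")}


def triage(outer_name: str, data: bytes) -> dict:
    report = {"outer_name": outer_name, "container": sniff_container(data),
              "hashes": hashes(data), "inner_name": None,
              "inner_is_pe": False, "double_extension_lure": False}
    if report["container"] != "gzip":
        return report  # only gzip is unpacked in this example
    inner = gzip_member_name(data)
    payload = gzip.decompress(data)
    report["inner_name"] = inner
    report["inner_is_pe"] = payload[:2] == b"MZ"
    inner_ext = os.path.splitext(inner or "")[1].lower()
    outer_stem = os.path.splitext(outer_name)[0]
    # Lure: the archive name promises a document, the member is executable.
    report["double_extension_lure"] = (
        inner_ext in EXEC_EXT and bool(DOC_BAIT.search(outer_stem)))
    return report


def build_sample() -> bytes:
    """Constructed stand-in: gzip storing '...-Pdf.exe' around a fake MZ stub."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename="Deposit-ScantoFolder_21302020-Pdf.exe",
                       mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(b"MZ" + b"\x90" * 62 + b"fake PE stub, not AgentTesla")
    return buf.getvalue()


if __name__ == "__main__":
    import json
    print(json.dumps(triage("Deposit-ScantoFolder_21302020-Pdf.gz",
                            build_sample()), indent=2))
```

Run it against the real download by replacing `build_sample()` with the file's bytes; the SHA256 in the report should then equal the entry's, and the stored member name is what a mail gateway rule can key on without decompressing further. ssdeep and TLSH need third-party packages and are left out.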


abuse_ch
Malspam distributing AgentTesla:

HELO: NAM10-BN7-obe.outbound.protection.outlook.com
Sending IP: 40.92.40.55
From: Oscar Espinoza <oscarespinoza1901@hotmail.com>
Subject: Fw: Fw: Payment Swift deposito-copy-EUR
Attachment: Deposit-ScantoFolder_21302020-Pdf.gz (contains "Deposit-ScantoFolder_21302020-Pdf.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com
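
The exfil server named in the comment above, mail.privateemail.com, is a shared commercial mail host, so blocking or alerting on the name alone produces false positives and misses the next sample that uses a different mailbox. The detection below is an added example, not MalwareBazaar's or abuse.ch's tooling: it keys on the behaviour AgentTesla exhibits (a workstation initiating SMTP submission to an external host) and uses the reported host only to raise severity. The flow log format, internal subnet, relay address and destination IPs are all constructed assumptions.

```python
"""Behavioural detection for SMTP credential exfiltration (example code).

Flow lines are constructed; the host= field is assumed to come from
DNS/SNI enrichment, which real flow exports rarely carry on their own.
"""
import ipaddress
from dataclasses import dataclass

SMTP_PORTS = {25, 465, 587}
# Assumed: the only internal hosts expected to speak SMTP to the Internet.
ALLOWED_RELAYS = {"10.0.0.25"}
# IOC from the reporter's comment on this entry; used for enrichment only.
KNOWN_EXFIL_HOSTS = {"mail.privateemail.com"}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed corporate range


@dataclass
class Alert:
    src: str
    dst: str
    dport: int
    severity: str
    reason: str


def parse_line(line: str) -> dict:
    """Constructed key=value flow format: ts= src= dst= dport= [host=]."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    fields["dport"] = int(fields["dport"])
    return fields


def evaluate(flow: dict):
    src, dst, dport = flow["src"], flow["dst"], flow["dport"]
    if dport not in SMTP_PORTS:
        return None
    if ipaddress.ip_address(src) not in INTERNAL or src in ALLOWED_RELAYS:
        return None
    if ipaddress.ip_address(dst) in INTERNAL:
        return None  # submission to our own relay is normal client traffic
    host = flow.get("host", "")
    if host in KNOWN_EXFIL_HOSTS:
        return Alert(src, dst, dport, "high",
                     "SMTP to host reported as AgentTesla exfil server: " + host)
    return Alert(src, dst, dport, "medium",
                 "workstation initiating SMTP to external host " + (host or dst))


def detect(lines):
    return [a for a in (evaluate(parse_line(ln)) for ln in lines) if a]


# Constructed flow records (RFC 5737 documentation addresses as destinations).
SAMPLE_FLOWS = [
    "ts=2020-05-11T09:02:11Z src=10.1.4.23 dst=198.51.100.7 dport=587 host=mail.privateemail.com",
    "ts=2020-05-11T09:02:12Z src=10.1.4.23 dst=203.0.113.20 dport=443 host=www.example.com",
    "ts=2020-05-11T09:03:40Z src=10.0.0.25 dst=198.51.100.9 dport=25 host=mx.example.net",
    "ts=2020-05-11T09:04:01Z src=10.1.4.31 dst=10.0.0.25 dport=587",
    "ts=2020-05-11T09:05:55Z src=10.1.4.40 dst=203.0.113.5 dport=465 host=smtp.example.org",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert)
```

Of the five constructed flows only two fire: the workstation posting to the reported host (high) and a second workstation submitting mail to an unrelated external SMTP server (medium). The relay's own outbound SMTP and the client-to-relay submission stay silent, which is the whitelist a real deployment has to get right before the rule is useful.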

Intelligence

File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-11 13:44:03 UTC
File Type: Binary (Archive)
Extracted files: 17
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla (gz b9863f08b577df33d359072483a14ac14e5996e6fec8a63f0f97654445141667, this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment