MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b9876f6f78e37db295bdfd89f311888c9d2c2907d1e9ecf3866a1c0a0096325d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b9876f6f78e37db295bdfd89f311888c9d2c2907d1e9ecf3866a1c0a0096325d
SHA3-384 hash: 6734f35369feb0c7f68843c817091ec307f2bb49f3bc3a5cc46cf73bee4828081e95c809c014637eb26b90864d52185c
SHA1 hash: 28e10c5438bab15553e2b083551fee4dd7feddef
MD5 hash: 335ee3ba884945a02c07d6a3f20da61d
humanhash: jig-robert-red-alaska
File name:20200615.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:621'445 bytes
First seen:2020-06-15 13:11:19 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:kSoNtOeMKVOxZqvh/hUtRiED0ZlbSZ8MwxqFLSK+qLn+SA4FaitH:Pm1M5w6Ri+2oZ5nHAUawH
TLSH A7D4330A5421E98D2D21166C7DB62C9F1AF2D33C9EDDBD552BD030AC60BA4ACC5E4BD3
Reporter abuse_ch
Tags:AgentTesla rar Yahoo


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sonic316-49.consmr.mail.ne1.yahoo.com
Sending IP: 66.163.187.175
From: krishna SWAMY <instick2002@yahoo.com>
Subject: Fwd: Re: Re: Re: 26136 PI 20296629 SO 40129429 Order Balance Due
Attachment: 20200615.rar (contains "20200615.exe")

AgentTesla SMTP exfil server:
mail.mail15.cp247.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 13:13:04 UTC
AV detection:
12 of 48 (25.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xgdw633y4n63ffn57we7gemirsosykih2hu6z44gnioauaewgjoq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar b9876f6f78e37db295bdfd89f311888c9d2c2907d1e9ecf3866a1c0a0096325d

(this sample)

AgentTesla

Executable exe a1356a4ee42e9568831bf6b92bb9a5500b779614436bca52f0ee64e98ff0eaf7

  
Dropping
MD5 0098e0da438cbbb9962645bcf5118ee4
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a1356a4ee42e9568831bf6b92bb9a5500b779614436bca52f0ee64e98ff0eaf7

Comments