MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b9e9144a22315da62d27177065db5671abefac2d151f7754595e65683a4da8b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b9e9144a22315da62d27177065db5671abefac2d151f7754595e65683a4da8b4
SHA3-384 hash: 86d4c55b820ad60a7220233f527e33b98b582b0a168518520ca1060d6bcccccd3f080b377c0c609e084ce4fdbd00e640
SHA1 hash: ff64d9d1c03d176b8cceef17a0e4b1ed6caaf56f
MD5 hash: 6447071d630e73f4a3dced9c0e77bd8f
humanhash: undress-white-vermont-idaho
File name:Document for FEDEX clearance.xls
Download: download sample
Signature AgentTesla
Create hunting rule
File size:510'185 bytes
First seen:2020-12-05 15:19:00 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:bg0oLT5CEQ6wx0Ek0bmUSU8DJTZuvoysPYlJLblILpzxBJCn:E0ohzQ6KbmUeDJUv3JLK5xBJ8
TLSH 29B423B2B9FD544058FB9DE8CA391774963D24F84FA32127C8ACBA6D7B1BA4440CC971
Reporter abuse_ch
Tags:AgentTesla xls


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: fedex.com
Sending IP: 45.137.22.134
From: Jessie Sheng<norply@fedex.com>
Subject: RE:FEDEX Notification
Attachment: Document for FEDEX clearance.xls (contains "Document for FEDEX clearance.exe")

AgentTesla SMTP exfil server:
smtp.lokalboyz.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
335
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.18501.25114.UNOFFICIAL
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b9e9144a22315da62d27177065db5671abefac2d151f7754595e65683a4da8b4/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-12-05 15:19:07 UTC
AV detection:
3 of 48 (6.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xhurisrcgfo2mljhc5yglw2wogv67lbncupxovczlzswqosnvc2a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.30
Link:
https://yomi.yoroi.company/submissions/b9e9144a22315da62d27177065db5671abefac2d151f7754595e65683a4da8b4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar b9e9144a22315da62d27177065db5671abefac2d151f7754595e65683a4da8b4

(this sample)

AgentTesla

Executable exe 0771791b95c7869be68dc8225a8763158d758b73cd83869f55188cd0ec98cbac

  
Dropping
MD5 e47bfff65206f25107f97232d1837eee
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0771791b95c7869be68dc8225a8763158d758b73cd83869f55188cd0ec98cbac

Comments