MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf129ef0fe9afc66b843b3a6dcaff23918b1c467f826ef179bc1300c5d7df1ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: bf129ef0fe9afc66b843b3a6dcaff23918b1c467f826ef179bc1300c5d7df1ec
SHA3-384 hash: e90a13aa0ae056e5d1328cd74c5ea14a3402d75ed049e75ea1347fcde967b7af3cbcba6a3b3323f309e4f19601367e55
SHA1 hash: 98b5f53b725f6ce32b92a9c64ef4c45ada22704c
MD5 hash: d6dbe2bb0b06e2bc07bd6928756742c2
humanhash: eleven-green-connecticut-hawaii
File name: QYA82HSI9QND92NC8GAI.7z
Signature: AgentTesla
File size: 979'249 bytes
First seen: 2020-06-16 06:27:06 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:NtLLNQGgThidXNvx2ev6mNO/Cs+vJvvTk11Eqze1foXACpu:7LmINIepsmvvTmEqze1wXNu
TLSH: CA2533BAA52BCD7B8E1A4D675F9F5473550438E25A34700F5BE1A9ECCCCC0804ACE6B6
Reporter: @abuse_ch
Tags: 7z AgentTesla
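Before a downloaded copy of this sample is analysed, detonated or cited, its digests should be checked against the values published in the entry above; a truncated download or an extracted inner file will silently produce a different hash set. The script below is an added example written for this page, not MalwareBazaar tooling: it reads the file once and computes all four listed digests (including SHA3-384, which many hashing front-ends omit) and reports which ones differ. The ssdeep and TLSH values are not covered because the Python standard library has no implementation of either; the `ssdeep` and `py-tlsh` packages are the usual route. The `verify_file` path argument and the command-line usage are assumptions of this example.

```python
import hashlib
import io

# Digests published in the MalwareBazaar entry above for this sample.
EXPECTED = {
    "sha256": "bf129ef0fe9afc66b843b3a6dcaff23918b1c467f826ef179bc1300c5d7df1ec",
    "sha3_384": "e90a13aa0ae056e5d1328cd74c5ea14a3402d75ed049e75ea1347fcde967b7af3cbcba6a3b3323f309e4f19601367e55",
    "sha1": "98b5f53b725f6ce32b92a9c64ef4c45ada22704c",
    "md5": "d6dbe2bb0b06e2bc07bd6928756742c2",
}


def digest_stream(fileobj, algorithms=tuple(EXPECTED), chunk=1 << 20):
    """Read the stream once and feed every chunk to all hashers.

    The keys of EXPECTED are valid hashlib algorithm names, so the same
    names drive both computation and comparison.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    for block in iter(lambda: fileobj.read(chunk), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data, algorithms=tuple(EXPECTED)):
    """Convenience wrapper for in-memory data (used by the self-check)."""
    return digest_stream(io.BytesIO(data), algorithms)


def verify_stream(fileobj, expected=EXPECTED):
    """Return (ok, computed, mismatches); hex comparison is case-insensitive.

    Any mismatch means the file is not the sample this entry describes
    (truncated download, wrong file extracted, or a different sample) and
    must not be reported or detonated under this entry's identifiers.
    """
    computed = digest_stream(fileobj, tuple(expected))
    mismatches = sorted(
        name for name in expected if computed[name].lower() != expected[name].lower()
    )
    return not mismatches, computed, mismatches


def verify_bytes(data, expected=EXPECTED):
    return verify_stream(io.BytesIO(data), expected)


def verify_file(path, expected=EXPECTED):
    # Assumed usage: path to the downloaded (and decrypted) archive.
    with open(path, "rb") as fh:
        return verify_stream(fh, expected)


if __name__ == "__main__":
    import sys

    ok, computed, bad = verify_file(sys.argv[1])
    for name, value in computed.items():
        print(f"{name:9} {value}")
    print("OK: hashes match the MalwareBazaar entry" if ok else f"MISMATCH: {', '.join(bad)}")
    sys.exit(0 if ok else 1)
```

Run it as `python verify_sample.py QYA82HSI9QND92NC8GAI.7z` after extracting the download from MalwareBazaar's password-protected wrapper; a non-zero exit code makes it usable as a gate in an analysis pipeline.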


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: mail.betalt.lt
Sending IP: 86.38.169.85
From: phuongthao <phuongthao@quangbinhjsc.com.vn>
Reply-To: phuongthao <Standardchartered22121@outlook.com>, phuongthao <Standardchartered22121@outlook.com>
Subject: Yêu cầu cũ hơn (Vietnamese: "Older request")
Attachment: QYA82HSI9QND92NC8GAI.7z (contains "QYA82HSI9QND92NC8GAI.exe")

AgentTesla SMTP exfil server:
mail.dobrev-cheese.com:587
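The headers in the report above carry the classic malspam tells: a Reply-To on a freemail domain that differs from the From domain, a HELO host unrelated to the sender's domain, and an archive attachment wrapping an executable. The script below is an added example for this page, not code from abuse.ch or MalwareBazaar: it parses a constructed RFC 5322 message rebuilt from the reported values (HELO host, sending IP, From, Reply-To, Subject and attachment name are as reported; the Received line layout, the receiving host `mx.example.invalid`, the MIME boundary and the placeholder body are assumed) and returns the findings a mail gateway or triage analyst would raise. The freemail list and the archive/executable extension lists are assumptions to extend for your environment, and the archive member list is taken from the report rather than from opening the archive.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed message rebuilt from the report above (see lead-in for which
# fields are reported and which are assumed). The base64 body is a placeholder.
CONSTRUCTED_MSG = """\
Received: from mail.betalt.lt (mail.betalt.lt [86.38.169.85]) by mx.example.invalid with ESMTP
From: phuongthao <phuongthao@quangbinhjsc.com.vn>
Reply-To: phuongthao <Standardchartered22121@outlook.com>, phuongthao <Standardchartered22121@outlook.com>
Subject: Yêu cầu cũ hơn
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

(body omitted)
--b1
Content-Type: application/x-7z-compressed; name="QYA82HSI9QND92NC8GAI.7z"
Content-Disposition: attachment; filename="QYA82HSI9QND92NC8GAI.7z"
Content-Transfer-Encoding: base64

N3o=
--b1--
"""

# Archive contents as stated in the report. In practice this comes from
# listing the archive inside a sandbox, never from trusting the file name.
REPORTED_MEMBERS = {"QYA82HSI9QND92NC8GAI.7z": ["QYA82HSI9QND92NC8GAI.exe"]}

FREEMAIL = {"outlook.com", "hotmail.com", "gmail.com", "yahoo.com"}  # assumed short list
ARCHIVE_EXT = (".7z", ".zip", ".rar", ".iso", ".img")  # assumed
EXEC_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd")  # assumed


def domain_of(addr):
    return addr.rpartition("@")[2].lower()


def addresses(msg, header):
    """All addresses in every instance of a header (Reply-To may list several)."""
    return [a for _, a in getaddresses(msg.get_all(header, [])) if a]


def helo_host(msg):
    """Host named in the first Received hop, i.e. what the sender presented to our MX."""
    for rcvd in msg.get_all("Received", []):
        m = re.match(r"\s*from\s+(\S+)", rcvd)
        if m:
            return m.group(1).lower()
    return None


def related(host, domain):
    """True if one name is the other or a subdomain of it (no public-suffix list)."""
    return host == domain or host.endswith("." + domain) or domain.endswith("." + host)


def attachments(msg):
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def triage(raw, archive_members=None):
    """Return a list of findings for a raw RFC 5322 message string."""
    msg = message_from_string(raw)
    findings = []
    from_addrs = addresses(msg, "From")
    from_dom = domain_of(from_addrs[0]) if from_addrs else ""
    reply_doms = {domain_of(a) for a in addresses(msg, "Reply-To")}
    # Replies are steered to an address the From domain does not control.
    if reply_doms and reply_doms != {from_dom}:
        findings.append(f"reply-to domain mismatch: {from_dom} -> {sorted(reply_doms)}")
    if reply_doms & FREEMAIL and from_dom not in FREEMAIL:
        findings.append("reply-to redirected to freemail")
    # The submitting host has nothing to do with the claimed sender domain.
    helo = helo_host(msg)
    if helo and from_dom and not related(helo, from_dom):
        findings.append(f"helo host {helo} unrelated to from domain {from_dom}")
    # Archive attachments hide the payload from naive extension filters.
    for name in attachments(msg):
        if name.lower().endswith(ARCHIVE_EXT):
            findings.append(f"archive attachment {name}")
            for member in (archive_members or {}).get(name, []):
                if member.lower().endswith(EXEC_EXT):
                    findings.append(f"executable {member} inside {name}")
    return findings


if __name__ == "__main__":
    for finding in triage(CONSTRUCTED_MSG, REPORTED_MEMBERS):
        print("-", finding)
```

None of these checks is conclusive on its own (legitimate mail crosses relay domains and uses Reply-To), but the combination seen here, together with the archive-wrapped executable, is what justifies quarantining the message before a user opens the attachment.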

Intelligence


File Origin
# of uploads: 1
# of downloads: 26
Origin country: US

Mail intelligence
Geo location: Global
Volume: High

Vendor Threat Intelligence
Threat name: Script-AutoIt.Trojan.Aitinject
Status: Malicious
First seen: 2020-06-16 06:29:04 UTC
AV detection: 12 of 48 (25.00%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam (AgentTesla)
  zip bf129ef0fe9afc66b843b3a6dcaff23918b1c467f826ef179bc1300c5d7df1ec (this sample)
    Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment
