MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8f173101103035dbf5a781b6db2c3a8baa4304a8a8ff6d4bfcd7f5a14b09977. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	c8f173101103035dbf5a781b6db2c3a8baa4304a8a8ff6d4bfcd7f5a14b09977
SHA3-384 hash:	23c57959436b94b2ef1a72c4db17474d4028fdf242c6e142cac62b83ddfc4a3846454ad0020092bb6ad3292e9f063dcb
SHA1 hash:	b5f0aaba847bc81884a537d4552383b1c1e4fcbe
MD5 hash:	ba450417478a8762aa5fb5a89ebc30c1
humanhash:	black-delta-fifteen-butter
File name:	El Kemble PVT Offer for enq01-FKM60.cab
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	1'336'380 bytes
First seen:	2020-08-18 06:24:08 UTC
Last seen:	Never
File type:	cab
MIME type:	application/vnd.ms-cab-compressed
ssdeep	24576:6Jf2+wAX9M9QJVZjeXM5DD4I0PJ7orKoc+CfhYTZ5IRIXDuowdUQCX3iVIf/U:6JfWAO9mDaXgs1N0jAhYN5IzoQSrU
TLSH	195533605916D0BFDB1EA5FE4722E4C520B8E08C4CC44C8E1539FAD5265ABFC63B6E4B
Reporter	abuse_ch
Tags:	AgentTesla cab

abuse_ch

Malspam distributing AgentTesla:

HELO: panelzelectric.com
Sending IP: 209.58.149.66
From: YIN SHWE SIN<yinshwesin@panelzelectric.com>
Subject: El Kemble PVT Offer
Attachment: El Kemble PVT Offer for enq01-FKM60.cab (contains "El Kemble PVT Offer for enq01-FKM60.exe")