MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cae2358ddfcd11b3c62ad5e7ff9a13461cf4e8c90d46f0278114a7c083e4ae47. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cae2358ddfcd11b3c62ad5e7ff9a13461cf4e8c90d46f0278114a7c083e4ae47
SHA3-384 hash: 26d9ddf317090709024572ba9735091344155f0e82ccd4b8abac70f3ace9f959a45dc823b500f989cc6c1e6d40fccd72
SHA1 hash: fb630c45210ab1be8e3bb1fcbd785bdb9605844d
MD5 hash: 0ba399331ba1ab5e1932466ca82cf4f1
humanhash: cardinal-video-golf-london
File name:OUTSTANDING PAYMNET.cab
Download: download sample
Signature AgentTesla
Create hunting rule
File size:456'543 bytes
First seen:2020-08-13 08:29:36 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 12288:7/MtzIZk6Z5PkYEHgehy8GfSEtK1xdS++ecJv:7KkZhaYJehy05S+Yv
TLSH FFA423D1F1EE63B038026CFFA65C9D8C77E9512AC82F6BB7564E44C8F66BF02A141116
Reporter abuse_ch
Tags:AgentTesla cab


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gmail.com
Sending IP: 45.137.22.110
From: PakTech <paktechindustrial@gmail.com>
Subject: Re: Payment Yet To Be Received (Invoice No. T71/20) - Shipment Date: AUG 19, 2020 (Sunday)
Attachment: OUTSTANDING PAYMNET.cab (contains "Proforma Inv.exe")

AgentTesla SMTP exfil server:
smtp.peregrrineeye.com:587

AgentTesla SMTP exfil email address:
sales@peregrrineeye.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
54
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Mal.Generic-S.5549.16169.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cae2358ddfcd11b3c62ad5e7ff9a13461cf4e8c90d46f0278114a7c083e4ae47/
Threat name:
Win32.Backdoor.NanoCore
Create hunting rule
Status:
Malicious
First seen:
2020-08-13 08:31:07 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zlrdldo7zui3hrrk2xt77gqtiyopj2gjbvdpaj4bcst4ba7evzdq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Lokibot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cae2358ddfcd11b3c62ad5e7ff9a13461cf4e8c90d46f0278114a7c083e4ae47

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

cab cae2358ddfcd11b3c62ad5e7ff9a13461cf4e8c90d46f0278114a7c083e4ae47

(this sample)

AgentTesla

Executable exe e6a9bbee2b3b1dec06bfcddd17711777d7d14171e9c180a7310f6bb9cabf6879

  
Dropping
MD5 825e3d821d92df7f2ec8f460d1ad2ec7
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e6a9bbee2b3b1dec06bfcddd17711777d7d14171e9c180a7310f6bb9cabf6879

Comments