MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb8f50d531de3822cd8ba7075bbb370d18c43c87e6fbc265dfb4281d56213447. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cb8f50d531de3822cd8ba7075bbb370d18c43c87e6fbc265dfb4281d56213447
SHA3-384 hash: d2bbd1fe3ff369327502dd740d7696878182072e8402a8a7f36a44e204ff76e92cc6200e7690af7f6fe143fb75128612
SHA1 hash: 4623c690301577556e864793331aef2eeda6d9fe
MD5 hash: 5bccaf893a068db00611e48c8b7ae63d
humanhash: don-eighteen-texas-harry
File name:payment copy.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:699'619 bytes
First seen:2020-05-25 07:48:42 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:Szxws7TMrKleHP3hfgqA38/Ef0ZpjqFnUSb3cAeJmQxYQtNkoLW/FO+:8ws7guIH/NgqA38/+0ruFn7s/J/iBFl
TLSH F7E43327DB0BB027F0AFEEAE94014B53A76E6143EF70586C62310EBC772515F6642276
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mctransgl.com
Sending IP: 103.207.37.96
From: "石曌君/ Amy Shi" <amy@mctransgl.com>
Subject: [F1-logix] SOA APRIL
Attachment: payment copy.zip (contains "payment copy.exe")

AgentTesla SMTP exfil server:
mail.acmasindia.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.308.31203.23791.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Grp
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 08:36:21 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
21 of 48 (43.75%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip cb8f50d531de3822cd8ba7075bbb370d18c43c87e6fbc265dfb4281d56213447

(this sample)

AgentTesla

Executable exe 4282ae23bf6e1a962085b045a712056a9d98c1e03d9d77c6a226d3fc7ed89776

  
Dropping
MD5 e5f74fba39a57d9e8f42b3073447b283
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4282ae23bf6e1a962085b045a712056a9d98c1e03d9d77c6a226d3fc7ed89776

Comments