MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cba8591d77e2c2d915ed06769d2b0a728b9da8f03e5b103f7383223d65c6b91f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cba8591d77e2c2d915ed06769d2b0a728b9da8f03e5b103f7383223d65c6b91f
SHA3-384 hash: 4f5f0efc1857a9ae0358b39bcc313eaa456f22b2f2380a533ba7478ca9f2b99fd6face133bedd35054c6c196b3f7147b
SHA1 hash: 5f2b6659526c40117cf6e61ca865655bd5d2497e
MD5 hash: ff6df98307430ffc0e6889099965f327
humanhash: oven-fish-alpha-vegan
File name:PURCHASE_PRODUCT_LIST2020.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:646'950 bytes
First seen:2020-10-21 07:03:42 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:M/9kQq3FjNU2NsPtabUIFcBL4cHgGjq4Y52FdwOpz4kHp1HmRElPLHwiYk9VN:M/9Bq1j+2NuaLY4S+4zHpbJ1HmYPzwiN
TLSH A6D433C22FD1B60366F11A415FD956C0D366FA2818D0E5C6D794373EB6CEA78B88B84C
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: demokritos6.cytanet.com.cy
Sending IP: 195.14.130.216
From: lilian@nbsglobal.co.za
Subject: po
Attachment: PURCHASE_PRODUCT_LIST2020.rar (contains "PURCHASE_PRODUCT_LIST2020.exe")

AgentTesla SMTP exfil server:
mail.purseyboucher.co.za:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cba8591d77e2c2d915ed06769d2b0a728b9da8f03e5b103f7383223d65c6b91f/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-20 16:07:52 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zoufshlx4lbnsfpnaz3j2kykokfz3khqhznrap3tqmrd2zogxepq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar cba8591d77e2c2d915ed06769d2b0a728b9da8f03e5b103f7383223d65c6b91f

(this sample)

AgentTesla

Executable exe b329339955fe03c374ef32667a175ff2d0a8ac1df1b930f7afcc1e44bed3d89c

  
Dropping
MD5 512cada2c830555baf6a399aa1fc9caa
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b329339955fe03c374ef32667a175ff2d0a8ac1df1b930f7afcc1e44bed3d89c

Comments