MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d0872f5924b43b3db5d614d090091d5ff736003f1b2f66fd8f07a3eba72e5dda. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: d0872f5924b43b3db5d614d090091d5ff736003f1b2f66fd8f07a3eba72e5dda
SHA3-384 hash: ba8801b11be7eb25142cf94d35003dd45eccb04b05081ee0ec286f17c072582e5f63e487cfca2d8904a4a49ee0fc76aa
SHA1 hash: 6e1b4fe42f66e776a1e693417259a1d64506f575
MD5 hash: d1011bdfaaec8fd606206fc39d599cba
humanhash: quiet-london-fruit-solar
File name: TCT Saw blades.zip
Signature: AgentTesla
File size: 306'955 bytes
First seen: 2020-06-05 06:07:52 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:aA9r4d8ZdcKueqr/C97QL5lnXLv4OyQrOTcKGBaUkmUiDtq8v3O:dQ8ZdcKu3gQ7nXbyoBBvJDPO
TLSH: 0B6423AB5E9AE9F28EC6187FA1F1C93FC43B4011925391A72B55CF54B8A5A3F3401C49
Reporter: abuse_ch
Tags: AgentTesla, zip


abuse_ch
Malspam distributing AgentTesla:

From: "Alejandro Contreras" <shardasafetysupply@gmail.com>
Subject: Quotation for disposable plastic aprons
Attachment: TCT Saw blades.zip (contains "TCT Saw blades.exe")

AgentTesla SMTP exfil server:
mail.adithyaeng.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-05 06:01:39 UTC
AV detection: 22 of 31 (70.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip d0872f5924b43b3db5d614d090091d5ff736003f1b2f66fd8f07a3eba72e5dda (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
