MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d2cf8d0869e5442dc8489b7445a5fa9ff5c8080056c7113f9967ddcc39c2389d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d2cf8d0869e5442dc8489b7445a5fa9ff5c8080056c7113f9967ddcc39c2389d
SHA3-384 hash: 1560bc1e219b7032727d4f5d2f7b332069b0905a3d7caa63bc2e0ecb41739081d2a0c832bc7112d9695edf0b60ecc448
SHA1 hash: eb71c6e0a0adea427ec9fe379a5fc68d43176bcb
MD5 hash: 19337aa495f0fdf40842837532a31fab
humanhash: louisiana-vegan-mike-pluto
File name:Dongha 2020 statement _dongha.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:418'108 bytes
First seen:2020-12-03 08:30:14 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:KtALwAXQ7U5ClfTgqgKcePQhFuPb/kbqEemxs/lt5pLChiFc7Hm73sKefD90S:KSLw8t5CWKceohFTEmxqqhiiG78KeLb
TLSH B19423D16A9A0D22B70AB10C4099C51BED2B31620E6D4B3A6FD35D3E9C8755F2325FF2
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.fpcci.org.pk
Sending IP: 124.29.202.181
From: 강신아 <sa894@dongha.co>
Reply-To: ''강신아'' <cbuccioliatlgroupit@vivaldi.net>
Subject: Dongha 2020 statement _dongha
Attachment: Dongha 2020 statement _dongha.zip (contains "Dongha 2020 statement _dongha.exe")

AgentTesla SMTP exfil server:
mail.shamstone.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
124
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject4.6091.30156.18542.UNOFFICIAL
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d2cf8d0869e5442dc8489b7445a5fa9ff5c8080056c7113f9967ddcc39c2389d/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2020-12-03 08:31:05 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2lhy2cdj4vcc3scitn2eljp2t724qcaak3drcp4zm7o4yoochcoq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/d2cf8d0869e5442dc8489b7445a5fa9ff5c8080056c7113f9967ddcc39c2389d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip d2cf8d0869e5442dc8489b7445a5fa9ff5c8080056c7113f9967ddcc39c2389d

(this sample)

AgentTesla

Executable exe 55948fede55c398fce76d97b8316d5da6f958b08746a33f0cdaf4e016f0a1e15

  
Dropping
MD5 a57320d6ff7e38e5fe6f5e3c0598b9b3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 55948fede55c398fce76d97b8316d5da6f958b08746a33f0cdaf4e016f0a1e15

Comments