MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d812ef10cb8c813a696f65a0db6e3bedf25dc103e45b95f30386b30769968e6c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d812ef10cb8c813a696f65a0db6e3bedf25dc103e45b95f30386b30769968e6c
SHA3-384 hash: e51cb92a414afabf9e87c7162872e253f732775ed29efba8b73afa081e20f60b761098d8dd3dbc1c41c0814249b2ee53
SHA1 hash: efbf8d282fb305b878c9e56de050de9ef8c2e365
MD5 hash: 62c8247bc50268be4db4b831a03d0c27
humanhash: sixteen-nuts-purple-connecticut
File name:PO_62411.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:477'281 bytes
First seen:2020-08-18 11:52:14 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:j5ZQD/pphHzgE3QjAEVoJa+8OZdCT/exMgmmZG45iejJZI+WN3VGs:j5qzXQjhVo4+HjC8NmmZG45i+M3As
TLSH 82A4233927409D31DEBB7DA43EB606A981B766FF2D062335830711075B2D9F08D2BAA5
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: WIN-JMR7B0SADWL
Sending IP: 103.89.89.40
From: Michelle J <admin@moleaves.tk>
Subject: PO_62411
Attachment: PO_62411.zip (contains "PO_62411.exe")

AgentTesla SMTP exfil server:
mail.turismocuenca.net:587

AgentTesla SMTP exfil email address:
log@turismocuenca.net

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d812ef10cb8c813a696f65a0db6e3bedf25dc103e45b95f30386b30769968e6c/
Threat name:
Win32.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 11:54:05 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3ajo6eglrsatu2lpmwqnw3r35xzf3qid4rnzl4ydq2zqo2mwrzwa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Tinba
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d812ef10cb8c813a696f65a0db6e3bedf25dc103e45b95f30386b30769968e6c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip d812ef10cb8c813a696f65a0db6e3bedf25dc103e45b95f30386b30769968e6c

(this sample)

AgentTesla

Executable exe abe03fc94f99d47117f6c75cf606d21b2cd361e5694076c87f6057e4c1eac212

  
Dropping
MD5 86111a0b908470e6e9468eb9745d9d49
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 abe03fc94f99d47117f6c75cf606d21b2cd361e5694076c87f6057e4c1eac212

Comments