MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dbaeb03ceefc1d9c9f9c860f0d1c6a33cea260939c7905e8831c7aa700401f6a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dbaeb03ceefc1d9c9f9c860f0d1c6a33cea260939c7905e8831c7aa700401f6a
SHA3-384 hash: 4ca972bfe0346d4f0a431c69a20066d9fb1fa5f234509e2fb5fd2226315d78f2d0d5c29e42a7fdd90853ecd7007b8299
SHA1 hash: 5a5250eeecebf25ea51ef230a771e21db5834083
MD5 hash: b56d5b1eed5f278c307347adec9ccd57
humanhash: jig-seven-nebraska-lemon
File name:CONFIRM PI.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:590'590 bytes
First seen:2020-05-04 17:26:05 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:i9eXtQPXP2L7bp8Bo/qzADCqBKTu/cUmmzw/K+N6n3teJa4k9H4jXVhl:i9otQPfmp1qz/RuEUzbH3tr7H4t
TLSH 09C423C81E06590F065AEA55784A6F5B68CA5DCE4EC4FDA77B498209FB40B1F0C3B43C
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: suncor.com
Sending IP: 103.207.39.104
From: office1@suncor.com
Subject: RE: CONFIRM PI
Attachment: CONFIRM PI.zip (contains "CONFIRM PI.exe")

AgentTesla SMTP exfil server:
mail.9galaxy.in:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.48308.30248.20660.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-04 00:20:30 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
20 of 48 (41.67%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3oxlapho7qozzh44qyhq2hdkgphkeyettr4ql2eddr5koacad5va._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip dbaeb03ceefc1d9c9f9c860f0d1c6a33cea260939c7905e8831c7aa700401f6a

(this sample)

AgentTesla

Executable exe dcaf6aed333996a431610306d24a90e7bb27035cdeb93901c1e1b00626877e78

  
Dropping
MD5 c1500911b0595cda6cfda1f5d2da5d41
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dcaf6aed333996a431610306d24a90e7bb27035cdeb93901c1e1b00626877e78

Comments