MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e42f70cff686d207749d89fc79cc118fdab84bbe647d392c37277b5a97ae8c0d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3



SHA256 hash: e42f70cff686d207749d89fc79cc118fdab84bbe647d392c37277b5a97ae8c0d
SHA3-384 hash: 58f62ff9b87acb146c9099353d8eec375cad33bf22b579a4ce06a6589422a994d375aa5fd852a031a2be64cdec8753cb
SHA1 hash: c33c57f6a985b826ef70714d8f56a1e3f31c7a2a
MD5 hash: e9b8af0da65bdebd6495d90d6f5ea9bf
humanhash: speaker-quiet-nine-michigan
File name: confirmation.doc.zip
Signature: AgentTesla
File size: 10'218 bytes
First seen: 2020-06-11 11:20:05 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 192:QeKFQJgGN5+jtCUwHDp/elCflYvgvn8D7Lh/ILpCVhLSQXVQfu7Q11ZOXRW5:QhFGNetCpDp/QslYvan8DB/ryQXUu7QV
TLSH: 1F22AECFFF5026E4E11788B42650EE99CA758018F259ECCF1B4DE49FC68E049AF44C68
Reporter: abuse_ch
Tags: AgentTesla CVE-2017-8570 zip


abuse_ch
Malspam distributing AgentTesla:

HELO: 142-4-27-236.unifiedlayer.com
Sending IP: 142.4.27.236
From: Support <bakerys@unclejohnsbakery.onmicrosoft.com>
Subject: Please confirm 6/11/2020 9:29:05 AM id:XXX
Attachment: confirmation.doc.zip (contains "confirmation.doc")

AgentTesla payload URL:
http://wg-mallestig.at/libraries/cms/editor/00/office.exe

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Document-Office.Exploit.CVE-2017-8570
Status: Malicious
First seen: 2020-06-11 11:21:09 UTC
AV detection: 12 of 48 (25.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
