MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e9bffa39bc4546a7a1c67c66f9da07f7f4122d8063a89502fd4c973c334c95d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e9bffa39bc4546a7a1c67c66f9da07f7f4122d8063a89502fd4c973c334c95d5
SHA3-384 hash: 6321faa5f1fc936a4cbc94fe82543693b6c0dacacc3e0c88f86ecb8f597a4eb4fcaa19ff9524ca183f2bdf8a42924cca
SHA1 hash: e3fc5f5f01b4b5e37cb6fbde52cb22d49b988502
MD5 hash: eb1975ecdd210e0a1f937fc5db7d7050
humanhash: mississippi-pennsylvania-blossom-charlie
File name:BL_Draft2020876456355.pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:431'060 bytes
First seen:2020-08-19 07:22:12 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:n44vM9P+Qsq+jjT60vOObZMoOBO3O50nG9:n44vSP+Q6m02QZhOBMOOnG9
TLSH DC9423C9FD5429147D69BF80DF616663A5158FEF0D80874CF230EDBB5CC5928E28A2B2
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: srv.kibriswebhizmetleri.com
Sending IP: 213.159.5.123
From: Rashid Omai <info@hameedtr.net.pk>
Subject: Re: **TOP URGENT** Shipping Documents
Attachment: BL_Draft2020876456355.pdf.gz (contains "BL_Draft2020876456355.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e9bffa39bc4546a7a1c67c66f9da07f7f4122d8063a89502fd4c973c334c95d5/
Threat name:
ByteCode-MSIL.Trojan.CryptInject
Create hunting rule
Status:
Malicious
First seen:
2020-08-19 07:24:05 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5g77uon4ivdkpiogprtptwqh672belmamoujkax5jsltym2msxkq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e9bffa39bc4546a7a1c67c66f9da07f7f4122d8063a89502fd4c973c334c95d5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz e9bffa39bc4546a7a1c67c66f9da07f7f4122d8063a89502fd4c973c334c95d5

(this sample)

AgentTesla

Executable exe 00cf9f1f71d204af2c96bebfd9b269dd387be2f2e61a3efd008cec0744f5e007

  
Dropping
MD5 1371be9ea36c6eb0ac731761311b5b23
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 00cf9f1f71d204af2c96bebfd9b269dd387be2f2e61a3efd008cec0744f5e007

Comments