MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8f829521ff957ce0b2343426fa96d6f7252ca162f3c264702bccf5b624dc52c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f8f829521ff957ce0b2343426fa96d6f7252ca162f3c264702bccf5b624dc52c
SHA3-384 hash: ea4ffbb6c2da85126820fec78a42b90e97c7e735287b452ca13d92ab3ce5362d7c9f02cc93d3c85d11259e8a117b4b42
SHA1 hash: e033cbd74f937f96925a0f2ff2b29fbda010e85e
MD5 hash: 3693d005713308b3f1a77f9e060167f8
humanhash: alpha-victor-missouri-vermont
File name:RFQ - L2004220045.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:411'495 bytes
First seen:2020-05-23 07:18:14 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:KmPrCtVUqyg2B/jzOg/R6CjRBVxLHY6+8QQ+p9+AdjG9QgGhxznsXn7yX+pa:8tB2Bt6EnY6fg+b9QPzyn7c+pa
TLSH 5694230DBE312B7D9E5380927BFE4B1F2F6A870B830D2539214A9094FE43D989B1F654
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.jiframeasylivingproducts.com
Sending IP: 142.4.26.167
From: todd@custombuiltpallets.com
Subject: Request For Quotations - RFQ-19-06375-01-1870
Attachment: RFQ - L2004220045.7z (contains "RFQ - L2004220045.bat")

AgentTesla SMTP exfil server:
mail.sacaplus.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.MSILPerseus.224337.22715.28495.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-23 07:35:42 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
24 of 48 (50.00%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip f8f829521ff957ce0b2343426fa96d6f7252ca162f3c264702bccf5b624dc52c

(this sample)

AgentTesla

Executable exe e83fe0f20ca6602c7842bd619698e141d7a0f92c4e625b42559334ccab74a148

  
Dropping
MD5 6fddc9be9e33acc082b0108f29707df2
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e83fe0f20ca6602c7842bd619698e141d7a0f92c4e625b42559334ccab74a148

Comments