MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f967879cdc2dd04a5f710a291ea1bb80d44eadebb9ad29fb6fba8644f16a5fec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f967879cdc2dd04a5f710a291ea1bb80d44eadebb9ad29fb6fba8644f16a5fec
SHA3-384 hash: 6b2a4aae7f7c64d9ed54f8a1b72d0113a8d3c9a52aef4ef0a81390b7c62b139beb3a91cffde49e959e4f2b34c990d47d
SHA1 hash: 5b23bb6bbfa546b995f8a225ab40a76131e73e16
MD5 hash: e5d86af77905485ae4e4484aa2f77360
humanhash: video-michigan-bravo-enemy
File name:marieclaire 86HG65Ht112.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'117'209 bytes
First seen:2020-05-12 09:31:25 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:INPzST+5dPNnl3kpINQxcDap5/IUWIppF7UT73qveQHbWsj:IVSqvPNnpNcKaXjWAkiP
TLSH 463533678BFF078DA259D341D0D51E17F8053BB6B94CC209B192A6818B73EA4C12BE5F
Reporter abuse_ch
Tags:7z AgentTesla geo GRC


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.linux82.papaki.gr
Sending IP: 95.216.7.161
From: mandrino@otenet.gr
Reply-To: magnagr <jane@scxboard.com>, mandrino <jane@scxboard.com>
Subject: Θέμα: marieclaire – προσφορά
Attachment: marieclaire 86HG65Ht112.7z (contains "marieclaire 86HG65Ht112.exe")

AgentTesla FTP exfil server:
ftp.valea-iazurilor.ro:21

AgentTesla FTP exfil user name:
Og@valea-iazurilor.ro

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 06:29:12 UTC
AV detection:
8 of 47 (17.02%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7ftyphg4fxieux3rbiur5in3qdke5lplxgwst63pxkdej4lkl7wa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip f967879cdc2dd04a5f710a291ea1bb80d44eadebb9ad29fb6fba8644f16a5fec

(this sample)

AgentTesla

Executable exe edcf4c5b58a40983646392cea049f6bd7440fd4447086b6cc36148c0e53716a8

  
Dropping
MD5 0443d45a8a063ac9b5364ffe70746cf7
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 edcf4c5b58a40983646392cea049f6bd7440fd4447086b6cc36148c0e53716a8

Comments