MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 02a016fec138750e4a00cb593e95ab24b1b28a794babd7c784e3d048f66422cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 02a016fec138750e4a00cb593e95ab24b1b28a794babd7c784e3d048f66422cb
SHA3-384 hash: 0346a00c2d7df804e57556eac001e09d0c249f94a7f72157a00b174592cd87e1083a1526e348a56706be74b27d187c57
SHA1 hash: 9eda21158cac48253de4e7f6a80d3e6d7cd2475f
MD5 hash: 3991ed28edb920369909416f6a6dfa25
humanhash: six-yankee-ack-mars
File name: order01.zip
Signature: AgentTesla
File size: 396'673 bytes
First seen: 2020-06-26 07:51:44 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:Jb3OxPz0TeNu4+T2I0iF3rZdTJKU8z8uw:JrOxPzceVwOiF3tKU8z81
TLSH: 9E8423198DA9DD8C930AE06B241A1E742E435120AF06DDD39DA7CBF49F514FDC7AEC18
Reporter: abuse_ch
Tags: AgentTesla, zip


abuse_ch
Malspam distributing AgentTesla:

HELO: antirelay48.smtp.cz
Sending IP: 81.95.105.178
From: asistentvyroby@oceng.cz
Subject: ORDER LIST NEEDED.
Attachment: order01.zip (contains "order01.exe")

AgentTesla SMTP exfil server:
mail.ab-care.eu:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence

Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-26 05:08:44 UTC
AV detection: 21 of 47 (44.68%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 02a016fec138750e4a00cb593e95ab24b1b28a794babd7c784e3d048f66422cb (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
