MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 055ba10fc5be1632683c3aa4024f51e86a9d9d59e8512d93d201e95d53c5c670. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 055ba10fc5be1632683c3aa4024f51e86a9d9d59e8512d93d201e95d53c5c670
SHA3-384 hash: c5d534d115313b8e70ec14aae5920a9f2d3c6469fda969cf5c8c89cc426c132573f409051e02f3306ca951ba5aff03e7
SHA1 hash: 698c47717e75542b228796baad69f3e185863289
MD5 hash: 0eec4791db8b11e69e2be333045e091c
humanhash: pip-emma-don-five
File name:Detalles del pago.pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:451'074 bytes
First seen:2020-06-18 18:36:44 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:3QhLAdGFWzJGDWupmDtcXkpfyp9avw3mXhi:34AKQGCHyXZ9ywt
TLSH ACA423BF2395AB15A8B150C366C633AF2222F68A34512079F43ACA3F7D447F61476369
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.viteltek.com
Sending IP: 104.237.144.27
From: Torres Rosa E <rtorres@nashvillewire.com>
Reply-To: Torres Rosa E <rtorres@nashvllewire.com>
Subject: Re: PAGO ATRÁS DEVUELTO TT (Ref 0180066743)
Attachment: Detalles del pago.pdf.gz (contains "Detalles del pago.pdf.exe")

AgentTesla SMTP exfil server:
mail.trademaxperu.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.DrodZp-A.19110.2992.UNOFFICIAL
Create hunting rule

Gathering data
Gathering data
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=avn2cd6fxylde2b4hksaet2r5bvj3hkz5bis3e6sahuv2u6fyzya._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 055ba10fc5be1632683c3aa4024f51e86a9d9d59e8512d93d201e95d53c5c670

(this sample)

AgentTesla

Executable exe ee179cf179ec5743bd32e4df32cc7f4dbf912c962a558eaa37f65b0a6b7f10f2

  
Dropping
MD5 7f52b21278d92fb17da4b6dbe6c4abb9
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ee179cf179ec5743bd32e4df32cc7f4dbf912c962a558eaa37f65b0a6b7f10f2

Comments