MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a433b3e052a5627c55b77417a4508bfa777ad54d179ad661de2fb49ae51bde3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0a433b3e052a5627c55b77417a4508bfa777ad54d179ad661de2fb49ae51bde3
SHA3-384 hash: b9ff0a9461f098f0108f2644e1ed250ba87266fce4f2fa28406729dd2d7b48b1a7e544e17d31c68ed935a5bf8c506633
SHA1 hash: 4c8a1e087408a7ec34966980a5c500d5caf6735c
MD5 hash: 7ac178d0f8b87bd0741744378507a799
humanhash: batman-cardinal-florida-vermont
File name:SWIFT EUR 2053,84 20200513135747.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:444'752 bytes
First seen:2020-05-20 08:38:38 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:/b6OXTJM7PvV/4fEn2mYe1MZzpnO3h5zcZXd7eKlcI/TLiN9mrqDHUfTdSgPOvN4:hjuLvVA82M1MZ9nSmdyKlzLLiLmnVmS
TLSH E59423DA8CBF4CAC772E2C7294548C9C3B43F92563BE46DA1D10C8829FC4637954E72A
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: vps.depingle.com
Sending IP: 45.95.169.35
From: International Payment Group <kmn04@knmbz.com>
Subject: SWIFT doznake 1/ EUR 2053,84 20200513135747
Attachment: SWIFT EUR 2053,84 20200513135747.zip (contains "SWIFT EUR 2053,84 20200513135747.exe")

AgentTesla SMTP exfil server:
mail.acroative.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.BorlandDelphi-15
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Win32.Herz.B.2544.31831.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 09:36:03 UTC
File Type:
Binary (Archive)
Extracted files:
296
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bjbtwpqffjlcprk3o5axuriix6txplku2f422zq54l5utlsrxxrq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 0a433b3e052a5627c55b77417a4508bfa777ad54d179ad661de2fb49ae51bde3

(this sample)

AgentTesla

Executable exe e1d48f1d706b1d9aa86527fb96b7873b3d8917f5a460c76aeb0439fe3e9beba5

  
Dropping
MD5 ea825ea3f2ed704d3cfab655637a706c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e1d48f1d706b1d9aa86527fb96b7873b3d8917f5a460c76aeb0439fe3e9beba5

Comments