MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ba9a3e59f4509a5e400a39f507d01fcefef9682bb8a9dd5b1e489bebd4be3be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 0ba9a3e59f4509a5e400a39f507d01fcefef9682bb8a9dd5b1e489bebd4be3be
SHA3-384 hash: 86c0bc8c47295841c15dabf3a8bff82859496bb36c6f0c1c4f3d44f34b065cf1b0f10c291578082b3430cbd9d8669cee
SHA1 hash: 9e8fba902439e76b50e50ef026242adcc875dbb7
MD5 hash: d07f0ce180c5bc46f0455f4e52a879f5
humanhash: montana-arizona-july-sixteen
File name: IMG_001 KN95 Automatic Facemask Details And Speification For New Order.zip
Signature: AgentTesla
File size: 412'097 bytes
First seen: 2020-06-16 12:03:09 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:/LtgHOdG3E6sOhdyDZor3E4ymTBBxusnqhiVnB5otQ8+MqGXMr0gTkrr9jrF:/L1iEjOLE6r3fdyYFDuVqGXLPrrlF
TLSH: DD94236150A0324454E6C59E2DBCAFC5487A69881FF08B8F3301C575EE6A5ADF337AF8
Reporter: abuse_ch
Tags: AgentTesla, zip


abuse_ch
Malspam distributing AgentTesla:

HELO: cloud.criticalserver5.net
Sending IP: 140.82.30.135
From: humberto.elizondo@bwplazamonterrey.com
Subject: Re: Waiting For Quotation (RFQ)
Attachment: IMG_001 KN95 Automatic Facemask Details And Speification For New Order.zip (contains "IMG_001 KN95 Automatic Facemask Details And Speification For New Order.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587
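The exfil endpoint in the comment above is a public mail provider, so the destination by itself is not a usable indicator: plenty of legitimate clients talk to smtp.yandex.com on 587. What separates AgentTesla from a mail client is the process that opens the SMTP session. The following is an added example, not code from MalwareBazaar or the reporter, that runs that check over Sysmon Event ID 3 (network connection) records. The allow-list of mail-client paths and the three NDJSON records are constructed for the example (documentation and private IP ranges, a fabricated user and a path that mimics the dropped .exe being run straight out of the zip); the Sysmon field names are the real ones.

```python
import json

# IOC copied from the reporter's comment above. smtp.yandex.com is a legitimate
# public mail provider, so the destination alone proves nothing; the signal is
# which process opened the SMTP session.
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587
SMTP_PORTS = {25, 465, 587}

# Assumed allow-list of binaries expected to speak SMTP from a workstation.
# Paths are compared lower-cased; extend it for your own estate.
MAIL_CLIENTS = {
    r"c:\program files\microsoft office\root\office16\outlook.exe",
    r"c:\program files\mozilla thunderbird\thunderbird.exe",
}

# Constructed telemetry (not taken from the sample): three Sysmon Event ID 3
# records as NDJSON. The second mimics the dropped .exe launched from the zip.
SAMPLE_EVENTS = r"""
{"UtcTime": "2020-06-16 12:10:01.100", "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "User": "CORP\\alice", "DestinationHostname": "smtp.office365.com", "DestinationIp": "198.51.100.10", "DestinationPort": "587"}
{"UtcTime": "2020-06-16 12:12:37.420", "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\Temp1_IMG_001 KN95 Automatic Facemask Details And Speification For New Order.zip\\IMG_001 KN95 Automatic Facemask Details And Speification For New Order.exe", "User": "CORP\\alice", "DestinationHostname": "smtp.yandex.com", "DestinationIp": "203.0.113.25", "DestinationPort": "587"}
{"UtcTime": "2020-06-16 12:15:09.003", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "User": "CORP\\bob", "DestinationHostname": "", "DestinationIp": "10.20.30.40", "DestinationPort": "25"}
"""


def load_events(ndjson: str) -> list:
    """Parse NDJSON, skipping blank lines and records that are not valid JSON."""
    events = []
    for line in ndjson.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def flag_smtp_connections(events) -> list:
    """Return every SMTP-port connection not made by an allow-listed mail client.

    Each hit records whether it also matches the exact exfil IOC from the entry,
    but an unexpected process on 25/465/587 deserves a look even when it does not.
    """
    hits = []
    for ev in events:
        try:
            port = int(ev.get("DestinationPort", 0))
        except (TypeError, ValueError):
            continue
        if port not in SMTP_PORTS:
            continue
        image = str(ev.get("Image", ""))
        if image.lower() in MAIL_CLIENTS:
            continue
        host = str(ev.get("DestinationHostname", "")).lower().rstrip(".")
        hits.append({
            "time": ev.get("UtcTime"),
            "user": ev.get("User"),
            "image": image,
            "dest": f"{host or ev.get('DestinationIp', '?')}:{port}",
            "matches_ioc": host == EXFIL_HOST and port == EXFIL_PORT,
        })
    return hits


if __name__ == "__main__":
    for hit in flag_smtp_connections(load_events(SAMPLE_EVENTS)):
        tag = "IOC MATCH" if hit["matches_ioc"] else "review"
        print(f"[{tag}] {hit['time']} {hit['user']} {hit['image']} -> {hit['dest']}")
```

Keying on the process rather than the destination is deliberate: blocking or alerting on smtp.yandex.com would both miss the next sample (AgentTesla builds are configured with whatever SMTP account the operator bought) and generate noise from anyone who legitimately uses that provider. The Outlook record is suppressed by the allow-list; the PowerShell record is reported for review even though it matches no IOC.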

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-16 12:05:04 UTC
AV detection: 24 of 48 (50.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    zip 0ba9a3e59f4509a5e400a39f507d01fcefef9682bb8a9dd5b1e489bebd4be3be (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment
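The entry records a zip attachment that drops an AgentTesla executable whose name is dressed up as a photo ("IMG_001 ..."). When triaging such an attachment, a practitioner wants two things before going further: confirmation that the bytes in hand are the bytes the entry describes (all three listed hashes must match), and a content-based look at the archive members rather than trusting their extensions. The script below is an added example, not code from MalwareBazaar, that does both. The lure-name prefixes, the executable-extension list and the size guard are assumed heuristics; the archive it builds and inspects is constructed here (a minimal MZ/PE header stub plus a text control member, no malware), so its hashes will not and should not match the entry.

```python
import hashlib
import io
import os
import re
import struct
import zipfile

# Hashes copied from the entry above. Check them against the bytes you actually
# downloaded before relying on any other metadata from the entry.
EXPECTED = {
    "sha256": "0ba9a3e59f4509a5e400a39f507d01fcefef9682bb8a9dd5b1e489bebd4be3be",
    "sha1": "9e8fba902439e76b50e50ef026242adcc875dbb7",
    "md5": "d07f0ce180c5bc46f0455f4e52a879f5",
}

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar"}
# Assumed heuristic: prefixes that make a file name look like a photo, scan or order.
LURE_NAME = re.compile(r"^(IMG|DSC|PIC|SCAN|DOC|INV|PO|RFQ)[ _-]?\d", re.IGNORECASE)
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # do not inflate anything larger (zip-bomb guard)


def hashes(data: bytes) -> dict:
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def matches_entry(data: bytes, expected: dict = EXPECTED) -> bool:
    """True only when every hash listed for the entry matches the bytes in hand."""
    got = hashes(data)
    return all(got[k] == v for k, v in expected.items())


def is_pe(data: bytes) -> bool:
    """Decide by content: a DOS 'MZ' header and a 'PE\\0\\0' signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage_zip(data: bytes) -> list:
    """List archive members that are executables (by extension or content), with reasons."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            reasons = []
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                reasons.append("executable extension")
            if info.file_size > MAX_MEMBER_BYTES:
                reasons.append("oversized member, not inflated")
            elif is_pe(zf.read(info)):
                reasons.append("PE header")
            if LURE_NAME.match(os.path.basename(name)):
                reasons.append("lure-style name")
            if "executable extension" in reasons or "PE header" in reasons:
                findings.append({"name": name, "size": info.file_size, "reasons": reasons})
    return findings


def _fake_pe() -> bytes:
    """Constructed stand-in for the dropped .exe: MZ header pointing at a PE signature."""
    hdr = bytearray(0x80)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\x00\x00"
    return bytes(hdr)


def build_constructed_sample() -> bytes:
    """Constructed archive mirroring the entry's layout; not the real attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("IMG_001 KN95 Automatic Facemask Details And Speification For New Order.exe", _fake_pe())
        zf.writestr("readme.txt", b"benign text member used as a control\n")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_constructed_sample()
    print("hashes match entry:", matches_entry(sample))
    for f in triage_zip(sample):
        print(f"{f['name']!r} ({f['size']} bytes): {', '.join(f['reasons'])}")
```

The PE check reads the member rather than trusting the name, so an executable renamed to .jpg is still caught, and the size guard stops a crafted archive from exhausting memory on inflate. Against the real attachment the script reports one member, the .exe named in the reporter's comment, and matches_entry returns True only if the downloaded zip is bit-for-bit the one the entry describes.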

Comments