MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 10fa139545c85956c402eed38998d58a455214c4a320b60694e47ad8063a398d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 10fa139545c85956c402eed38998d58a455214c4a320b60694e47ad8063a398d
SHA3-384 hash: 53d75a0e8bdbeeee02102cd5ccd2b8c7b7b3778ce472a5344622261d9526d0204dabb980b8d0675d7048577187af64ce
SHA1 hash: 96b992807420e8b0dff5dd86b585c2dc9f6264be
MD5 hash: ad11ab7608f6a6d6d6acedd94aa1e92f
humanhash: video-quebec-white-harry
File name:May Order 2020,XLS.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:421'630 bytes
First seen:2020-06-09 05:53:29 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:QsY+Xp7n2qRv1ySq91YQhqdW3hF3vn1Zsqb:QgZThESoYQhq4hVdZsA
TLSH 069423C2502EB6201D09B99BFEF157DB451388633BFD6D871E58902A771AE5CBAE0703
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: hwsrv-730126.hostwindsdns.com
Sending IP: 23.254.226.169
From: Hailey<abw12002@naver.com>
Reply-To: Hailey<Joanp@fuzetec-tw.com>
Subject: Order 05072020,pdf Howgroup
Attachment: May Order 2020,XLS.zip (contains "May Order 2020,XLS.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Zmutzy.Pong.1.16551.14159.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 05:55:04 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cd5bhfkfzbmvnrac53jytggvrjcvefgeumqlmbuu4r5nqbr2hggq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 10fa139545c85956c402eed38998d58a455214c4a320b60694e47ad8063a398d

(this sample)

AgentTesla

Executable exe 4b0c035a10e85e131f8000873e32c6d75672b0052a7bb6ae29d45ac4d3cadd4f

  
Dropping
MD5 ef23d7d71701475b067f4d8d52cbb5b2
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4b0c035a10e85e131f8000873e32c6d75672b0052a7bb6ae29d45ac4d3cadd4f

Comments