MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 222dc9a4a007d7a4931d1f47fbda1c456bcc7b63120661dc37faa94d5b05b279. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 222dc9a4a007d7a4931d1f47fbda1c456bcc7b63120661dc37faa94d5b05b279
SHA3-384 hash: 7d64ee64ede3ae5267adfa5dc207dca75f89244107e66e98e16e60b71ab0784bf00333a2481f1d84de230a3cbd708236
SHA1 hash: 131dfa76e83a2d5f959ea02e5fac063fea288ec0
MD5 hash: 6b6836b71b73323f7a16589df749b0bd
humanhash: queen-pennsylvania-black-romeo
File name:Transactions_PDF.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'026'758 bytes
First seen:2020-05-26 11:02:38 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:lep7Dyp8C3j0wZ7oMZtzkI/Ifc6hNX//wG+VwrBl:lepGV3jn3ZxkI/z6hN/wPil
TLSH F62533BB8AEEB37DCD621D55A380875A0DE2F240614D590436A1DB76F0237EF0F4AA1D
Reporter abuse_ch
Tags:7z AgentTesla AlphaBank geo GRC


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: host.vngroup.gr
Sending IP: 95.217.85.235
From: ALPHA BANK <accounting@ekyo.gr>
Subject: Alpha Web Banking: 26/05/ 2020
Attachment: Transactions_PDF.7z (contains "Transactions_PDF.exe")

AgentTesla FTP exfil server:
ftp.solarcenter.ro:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 11:36:50 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 222dc9a4a007d7a4931d1f47fbda1c456bcc7b63120661dc37faa94d5b05b279

(this sample)

AgentTesla

Executable exe c5c2b440e9d6a0b947db4f5769fd36c844c107db1df8e05f2a06104c4462c95a

  
Dropping
MD5 719651a5704d90840383ffdbc52f6034
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c5c2b440e9d6a0b947db4f5769fd36c844c107db1df8e05f2a06104c4462c95a

Comments