MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a96acb017500b061e91c0db94cff945dabb31f8cd514e459c0a0a0bf6c19b0f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2a96acb017500b061e91c0db94cff945dabb31f8cd514e459c0a0a0bf6c19b0f
SHA3-384 hash: 37c202989f5032325efec7cc1c3755f79466f1d2c152c8d09e1e496314ae3f8b7ddf5023535e308ec7bcd8ffcb7044b8
SHA1 hash: 5e4b98c530d18d8b50a5c85c531a4d7b625de645
MD5 hash: ef2e6d6d97e2e0221f09c5baca54481f
humanhash: vegan-kitten-enemy-don
File name:Prevencao da COVID-19.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'170'447 bytes
First seen:2020-04-17 07:31:27 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:fNh/XtihTiWii0ljkB7LmxeGB9ajgj57j2wRag7nbKFM9:f7/Xtyii0jom8Kgjgj57FEgCFS
TLSH 0945337B915BE11BD49268C05DD0E638CCFA4AFE5503EBB19C19443A8DDFFC6A21A324
Reporter abuse_ch
Tags:AgentTesla COVID-19 zip


Avatar
abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: srv40.creattiva.cl
Sending IP: 200.35.157.40
From: "Covid-19 Sanidad" <newsletter@health.com>
Subject: COVID-19 prevenção e orientações
Attachment: Prevencao da COVID-19.zip (contains "Prevencao da COVID-19.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Script-AutoIt.Trojan.Aitinject
Create hunting rule
Status:
Malicious
First seen:
2020-04-17 07:35:36 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
28 of 47 (59.57%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fklkzmaxkafqmhurydnzjt7zixnlwmpyzviu4rm4bifax5wbtmhq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 2a96acb017500b061e91c0db94cff945dabb31f8cd514e459c0a0a0bf6c19b0f

(this sample)

AgentTesla

Executable exe 2a2543821989e8ceb4f0e5eaeeb0f5c86d5f05ca22ebbe2c8bce00ecae5b613a

  
Dropping
MD5 39e8e7fb5e84309f2234c765ae620818
  
Dropping
SHA256 2a2543821989e8ceb4f0e5eaeeb0f5c86d5f05ca22ebbe2c8bce00ecae5b613a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment

Comments