MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b0e381816b41de49f6e0c32e99bdab92baf9e45cd78fd0ac2777ea2e93186e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2b0e381816b41de49f6e0c32e99bdab92baf9e45cd78fd0ac2777ea2e93186e0
SHA3-384 hash: 434db88abdbed70ec5cba72e5287334bcecdfd3e6217f9ad147869bca27f43f92a9d39580b7a961167a16d412f8190e3
SHA1 hash: 4e43893906b85048427b5e3a27d27b86af50da88
MD5 hash: d6f93fd37960c933778cf4bde27830f9
humanhash: hot-thirteen-butter-sweet
File name:Payment_Slip_Invoice_NO_EEI774.arj
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'003'062 bytes
First seen:2020-06-02 16:38:24 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:Ishf/eAzSNLIbNsIIb3nFXPFUzstrqfEz6/3OXDC3bBS:nhf7StSNsIIb3FXPFUItrI/33bBS
TLSH E725331D5397233ED466CEA2B1A60F86F1311A8D3E02FFAAFD295BE75C224090367D11
Reporter abuse_ch
Tags:AgentTesla arj


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: smtp.notes.ap.collabserv.com
Sending IP: 161.202.201.197
From: 220KVControl Room Silvassa <220kvcontrolroom.silvassa@alokind.com>
Subject: Payment_Slip
Attachment: Payment_Slip_Invoice_NO_EEI774.arj (contains "Payment_Slip_Invoice_NO_EEI774.exe")

AgentTesla SMTP exfil server:
mail.pirc-energy.co.uk:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27681.XorExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 17:36:32 UTC
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fmhdqgawwqo6jh3obqzotg62xev27hsfzv4p2cwco57kf2jrq3qa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 2b0e381816b41de49f6e0c32e99bdab92baf9e45cd78fd0ac2777ea2e93186e0

(this sample)

AgentTesla

Executable exe 8ad69f7487e5a7b06d3c9b12d4fdbf6604462f90ddc2e1986dd61eaf8427e724

  
Dropping
MD5 d387238f41a14ede0067fc4965fe9710
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8ad69f7487e5a7b06d3c9b12d4fdbf6604462f90ddc2e1986dd61eaf8427e724

Comments