MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d1fb246beb2c435218e9f88a3a2013c1390f89dcdf6724c3a247ed1842bbc96. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3



SHA256 hash: 2d1fb246beb2c435218e9f88a3a2013c1390f89dcdf6724c3a247ed1842bbc96
SHA3-384 hash: 04f83748408c162709ead1c8713e87b4043bc28094905df5dea0876f6389122608278575cf0a1b497bc2cf782b815666
SHA1 hash: 5067d4cee283ec3358ef75c9532b0e420437a37e
MD5 hash: 038d653f2a3e3c885503f0c32f8f72f3
humanhash: eight-mars-twenty-don
File name: WHO Health Alert brings COVID-19 facts.Gz
Signature: AgentTesla
File size: 460'160 bytes
First seen: 2020-04-05 09:09:07 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:6HiF14lj7Gk8fp0Si5CJh8oPZtcUQPNoYfeUxA3:6c1Xk8xXJh8YZ+UQPNogq
TLSH: 58A423392A2EC91DBDCECEF6DDC738169E4FC6CE3198F44420ADDD3A260C2661381554
Reporter: abuse_ch
Tags: AgentTesla, COVID-19, gz


abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: who.net
Sending IP: 103.114.104.96
From: Health Alert brings COVID-19<eurorc69@who.net>
Subject: WHO Health Alert brings COVID-19 facts For All Business Owners
Attachment: WHO Health Alert brings COVID-19 facts.Gz (contains "WHO Health Alert brings COVID-19 facts.exe")

AgentTesla SMTP exfil server:
mail.emailsrvr.com:587 (173.203.187.14)

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Frs
Status: Malicious
First seen: 2020-04-05 09:35:47 UTC
File Type: Binary (Archive)
Extracted files: 18
AV detection: 25 of 47 (53.19%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
gz 2d1fb246beb2c435218e9f88a3a2013c1390f89dcdf6724c3a247ed1842bbc96 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments