MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4225577638328e9b17dc39634a0b35144e402ff90b3de67173c0dff24ca48a26. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4225577638328e9b17dc39634a0b35144e402ff90b3de67173c0dff24ca48a26
SHA3-384 hash: a17fd411988338b5441d365dbb67ed5b5fb01944ad61403c0f177fc18f18d4d19359575b1a13dd8902fb204104bb13ba
SHA1 hash: fe6b8c5cdd13bafdeb96e037e4777414554b65b1
MD5 hash: c30f20efd1997428c025ef233c55bebe
humanhash: happy-washington-lima-ten
File name:FYI,Balance Vessel.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'044'425 bytes
First seen:2020-06-10 11:21:06 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:vGRihkWnqaid+NvSRnkGRxdsXu9KdegfMIQkJIASDcYmIic1:AihFqsNvwauMeUGOIaYLic1
TLSH E6253356D06776210A384CE3CC572AE87D0A6BC0E4705C9FD352FA5722DFD829A48D9F
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: VM-004480b5-f24f-40b3-8dc8-434cc728bea6.localdomain
Sending IP: 175.107.240.145
From: Selina Goh (MS) Secretary cum Admin Executive <Euoverseas@autoflex.hu>
Reply-To: rakib@marzukf-bd.com
Subject: Payment Slip***For Balance Vessel (Amount 501,000 USD)
Attachment: FYI,Balance Vessel.zip (contains "FYI,Balance Vessel.exe")

AgentTesla SMTP exfil server:
mail.odessabd.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27681.XorExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.AitInject
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 11:23:03 UTC
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=iisvo5rygkhjwf64hfruuczvcrheal7zbm66m4ltydp7etferita._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 4225577638328e9b17dc39634a0b35144e402ff90b3de67173c0dff24ca48a26

(this sample)

AgentTesla

Executable exe 0bb5de79c5854bf640949e0babed8b67ca01e50eecef19a66d0fe771d410d218

  
Dropping
MD5 821918ea1fa65d6f8f8ed0e895eeb402
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0bb5de79c5854bf640949e0babed8b67ca01e50eecef19a66d0fe771d410d218

Comments