MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48910514d239ac624abe3f09b51d41d510600e5a3dbd1f9cebd1c9e387ca4d65. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 48910514d239ac624abe3f09b51d41d510600e5a3dbd1f9cebd1c9e387ca4d65
SHA3-384 hash: 14986af0c45bc6be0476d81ec8e3a23ca590250f667693ed34810a057fb8e00c7d60d9cd19f25d49e14dffd70d32429b
SHA1 hash: 6571735fc1fdc5dcdb0dba60e653fa8476f7d976
MD5 hash: fd262f2c337e4bc4b549f513b75f0450
humanhash: victor-zebra-coffee-lake
File name:Invoices.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:443'935 bytes
First seen:2020-06-04 06:28:03 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:WCdoR520jYTYUsA1G0mfe9VKEnSbOVpzIYrKeZL1:WCdq/gYUsDfe9gEnSbUpTmeZh
TLSH B99423A32E3B7839D20115ACF22958D7CDA1C3C57813139BB29B64DEE26D548478B37E
Reporter abuse_ch
Tags:AgentTesla SCB zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: clicklife.clicklifeuae.ae
Sending IP: 64.64.4.134
From: Standard Chartered Bank <Estatement.BH@sc.com>
Subject: Right Bank Details (Standard Chartered Bank)
Attachment: Invoices.zip (contains "Invoices.exe")

AgentTesla SMTP exfil server:
mail.greenleaf.co.ke:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.21103.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 14:04:50 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jciqkfgshgwgesv6h4e3khkb2uigads2hw6r7hhl2he6hb6kjvsq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 48910514d239ac624abe3f09b51d41d510600e5a3dbd1f9cebd1c9e387ca4d65

(this sample)

AgentTesla

Executable exe b5b2d38c58696bb049cf7f3de5ac8312600cbb3c2444ef4a1a1089a745fce48b

  
Dropping
MD5 b615037712046f0960d0b4d870889416
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b5b2d38c58696bb049cf7f3de5ac8312600cbb3c2444ef4a1a1089a745fce48b

Comments