MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a2f27da41197aab50614f4c22db428c4da5aa5ea83ddf0a19f4ef12fd17facc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4a2f27da41197aab50614f4c22db428c4da5aa5ea83ddf0a19f4ef12fd17facc
SHA3-384 hash: d82c41f93f0129bb71ef667db52ab2dd0edb1383dae53fff72ef8385cd071e9265918711322cd9359fba53c444321ef4
SHA1 hash: 9a4e264a9fb60b345d83d03aca9e11a294b4b367
MD5 hash: d73dcd15fb6728e65d6a8646c107ba79
humanhash: bakerloo-angel-helium-social
File name:MFRG BULK ORDERSHEET 40118.Iso.zip.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:972'080 bytes
First seen:2020-06-15 05:44:15 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:kTn9FPBhAGB0wGz9qF+2qBWNVRBk27hb1uINO1XTvXCEuNiT2o436:kJF5h9oqFlUWNXv7+PBXh4iTpD
TLSH D0253381DC8384D52C3F7B00267E4A7773B471B862203E57989FD0A54B62E5CE376AAD
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: klemsan.pw
Sending IP: 23.254.211.57
From: hr@klemsan.pw
Subject: PO#20180319 April-12-2020 from Anglo-Nothern Management Ltd.
Attachment: MFRG BULK ORDERSHEET 40118.Iso.zip.zip (contains "MFRG BULK ORDERSHEET 40118.Iso.zip.exe")

AgentTesla SMTP exfil server:
mail.mexicanproduct.com.mx:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.AitInject
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 05:46:05 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jixspwsbdf5kwudbj5gcfw2crrg2lks6va656cqz6txrf7ix7lga._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 4a2f27da41197aab50614f4c22db428c4da5aa5ea83ddf0a19f4ef12fd17facc

(this sample)

AgentTesla

Executable exe 5fa6d5ca99ca4c692ad1ade841e71ba01dd0cfba4f3c0bb40d42fc99e512f798

  
Dropping
MD5 0d5feebcd0167ee465e9fc3841cc545c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5fa6d5ca99ca4c692ad1ade841e71ba01dd0cfba4f3c0bb40d42fc99e512f798

Comments