MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4eb4847b14b4f24f7231ec47fdeb6e875cd1a79f6484bd1bbee6b009bccbe02b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4eb4847b14b4f24f7231ec47fdeb6e875cd1a79f6484bd1bbee6b009bccbe02b
SHA3-384 hash: b1ecba1eb761ca836074b9edeb6337b71ee0c813add02fac05b70e8e555c91eacf436e6565cdd48ec00870fe6f59fedd
SHA1 hash: 2c5e308f83894a29878ff1b3c09f2b9d9e88c1a4
MD5 hash: 75de104c786c377427837a1710c6f027
humanhash: blue-blossom-whiskey-high
File name:Declined Payment Account Details_pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:390'591 bytes
First seen:2020-05-28 06:49:14 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:8amm7/tRL3MIQE1tIi5Hkan9fz9bQmzG7XazRoanG5aeWh07zNW5Vkn2M1YQjrqe:bnVQE1thOa9fz9bQ1Xhae+KxWP2tC1p2
TLSH DB8423A53871E223CB43054CFA0E0E8A491A5D56F666F86C93A1EC3FC46E57806DB3CD
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: lif.lifecare.com.my
Sending IP: 198.20.247.243
From: Finance & Accounts Department <account@protocolo.pt>
Subject: Problem With Intermediary Bank
Attachment: Declined Payment Account Details_pdf.gz (contains "Declined Payment Account Details_pdf.exe")

AgentTesla SMTP exfil server:
smtp.anding-tw.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.fc.4709.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27383.GZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 07:38:10 UTC
File Type:
Binary (Archive)
Extracted files:
3
AV detection:
18 of 47 (38.30%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 4eb4847b14b4f24f7231ec47fdeb6e875cd1a79f6484bd1bbee6b009bccbe02b

(this sample)

AgentTesla

Executable exe ae9b67b930e3be156a9d7845efd534e763aa7fca2b9870d3c3af6991174fa1d5

  
Dropping
MD5 8d746b58c936ecb880230284b3a12572
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ae9b67b930e3be156a9d7845efd534e763aa7fca2b9870d3c3af6991174fa1d5

Comments