MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ec6f33aed9997c5ae03f1738402336ec6f54ad0e68ccf969d0e0457785f8c76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3


SHA256 hash: 4ec6f33aed9997c5ae03f1738402336ec6f54ad0e68ccf969d0e0457785f8c76
SHA3-384 hash: ed5fcaa16ac51de08b579ebcbc424d0e3a94ea10ec46d5f646a2a43d4b08818127232d39d27f776dc888dd3681fe6957
SHA1 hash: 4d10d4f94103f9c2392fe7599575487f883bf68d
MD5 hash: bbbf865eac7a009891e4311dfb6062d0
humanhash: island-white-nevada-butter
File name: solution fighting COVID-19_pdf.gz
Signature: AgentTesla
File size: 628'382 bytes
First seen: 2020-04-06 08:18:56 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:05gKWEazkvO/vTm9h93h57ZawmLTFZIChfMrJe/ru+qwF7iLP519lnbuf:0dW37vK9hvawSZIPJoru+Zq/H+
TLSH: 79D4232FA55FA467CEB4619A0C106ECD650C04FD7FCC8A21EE8B36FA6944B47DB32911
Reporter: abuse_ch
Tags: AgentTesla COVID-19 gz

abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: staging.maykenbel.com
Sending IP: 195.12.49.182
From: Johnny Meng <thanh@oriontex.com.cn>
Subject: SOLUTION FIGHTING COVID-19
Attachment: solution fighting COVID-19_pdf.gz (contains "solution fighting COVID-19_pdf.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-06 08:48:02 UTC
File Type: Binary (Archive)
Extracted files: 3
AV detection: 32 of 47 (68.09%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
gz 4ec6f33aed9997c5ae03f1738402336ec6f54ad0e68ccf969d0e0457785f8c76 (this sample)

Delivery method: Distributed via e-mail attachment

Comments