MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4fb00a91b1354d8420917f016c2f314aab25daa92fb3ed07f848ff22a5cdd5ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4fb00a91b1354d8420917f016c2f314aab25daa92fb3ed07f848ff22a5cdd5ff
SHA3-384 hash: c99c81b4a7eeb1f74d06daddbc1838ac06983b268205c745f048f55cf5873907dc9fb9206c8d1287846e67265c5c64a8
SHA1 hash: 9acfbf401ffe024bd7679a3e4db8939a44bcca7c
MD5 hash: 6b6fc6f6785c6518ddfafd386327ba74
humanhash: cold-winter-minnesota-dakota
File name:9e0braIF6GqN11c.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:483'092 bytes
First seen:2020-06-10 07:33:06 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:cEJqK1mHleuc3sgpZWxIVG2aDyDjDNoJbl4P8:cEHmHgYiVG3sPaG8
TLSH E9A42363C9EDC9630B8114FDD8DBDD6D82A17A13A7B385D8A9B6404C28B8CC24DCC767
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: smtp72.iad3a.emailsrvr.com
Sending IP: 173.203.187.72
From: Accounts Payable Department <dokar@dokarputramandiri.com>
Subject: Payment Reconfirmation
Attachment: 9e0braIF6GqN11c.zip (contains "9e0braIF6GqN11c.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
53
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Spyware.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 07:35:06 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=j6yavenrgvgyiierp4awylzrjkvslwvjf6z62b7yjd7sfjon2x7q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 4fb00a91b1354d8420917f016c2f314aab25daa92fb3ed07f848ff22a5cdd5ff

(this sample)

AgentTesla

Executable exe 162a5aa5e6e0298edbae1a494d2a3e177f0fb42b1c2e35eaecdbe1715d519694

  
Dropping
MD5 2a2e788233378b34631ff35bd458bae3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 162a5aa5e6e0298edbae1a494d2a3e177f0fb42b1c2e35eaecdbe1715d519694

Comments