MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 515626afbb0e896142d72f8daa29d6e171f8d72cc6ff79a7274e8382833778bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 515626afbb0e896142d72f8daa29d6e171f8d72cc6ff79a7274e8382833778bd
SHA3-384 hash: fbf0a055ff1babfa80f4b9c016df3386b35e58ed324fa1f783d909563f601de69523918711b74f1fa7427995781f6212
SHA1 hash: 477b8ba4eb103bda8874d2b0a442b79fd58a4793
MD5 hash: e4ab1fd5ffd7477b652bbb0046ccc8d1
humanhash: stairway-march-muppet-bluebird
File name:OBJEDNÃ VKA 49384CF1900-pdf.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:285'831 bytes
First seen:2020-07-16 07:56:44 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:6wP1zN2JSnK+HwLj05K6nFsD1WoFQZRDSFA48z8:R1zN5KrP05ZFo1WJvDQ8z8
TLSH 2754235A65A75F930D0481F8B9F0FD45B1E112ECBDA1C228FAE3F961C8900D629DCD6B
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gyp.gr
Sending IP: 46.227.62.27
From: "Oleoestepa S.C.A" <direccion@oleoestepa.com>
Reply-To: "Oleoestepa S.C.A" <dustiutd12@hotmail.com>
Subject: ŽÁDOST O CENU
Attachment: OBJEDNà VKA 49384CF1900-pdf.7z (contains "OBJEDNÁVKA #49384CF1900-pdf.exe")

AgentTesla FTP exfil server:
ftp.samarasae.gr:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25906.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/515626afbb0e896142d72f8daa29d6e171f8d72cc6ff79a7274e8382833778bd/
Threat name:
ByteCode-MSIL.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 07:58:09 UTC
AV detection:
11 of 48 (22.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kflcnl53b2ewcqwxf6g2ukow4fy7rvzmy37xtjzhj2byfazxpc6q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 515626afbb0e896142d72f8daa29d6e171f8d72cc6ff79a7274e8382833778bd

(this sample)

AgentTesla

Executable exe a2f6070d226ea3e37126cf9a65bdc444d9fd0cf3ffe14cc2b0fa1169f5230924

  
Dropping
MD5 d9df463bcc95bdb30ec68992c6264ea4
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a2f6070d226ea3e37126cf9a65bdc444d9fd0cf3ffe14cc2b0fa1169f5230924

Comments