MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5381cc317b2cb24383716ad41340af1ebcadaa8cdba93455cb7674e69885b8e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5381cc317b2cb24383716ad41340af1ebcadaa8cdba93455cb7674e69885b8e8
SHA3-384 hash: 3ff15126d42a702e029e50e929d87c8535527242145ff68119c027c4bf26d5b9ca32f334bd40d68207909cd7ce23da2f
SHA1 hash: 09b8339951754bd8b560dcb5ec854102ea72078e
MD5 hash: 06ed8d1b442b89757009e4306b932e29
humanhash: michigan-pennsylvania-ceiling-illinois
File name:New Order Pdf.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'107'629 bytes
First seen:2020-05-13 11:58:37 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:pK4dONYxfuCiJ8ae4ACnRyhEdpAedhRwOlc6Yis5HRt14wIf:pKvSJm8ae43LUJO+6Yis4
TLSH C6353354FD65EBAC07676519A2623AFFF81023285D2146942C0FFB9FEB83C0561534AF
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: s111-ir-cpanel-trade.maindns.net
Sending IP: 185.165.116.18
From: Sulia Ahmadzulkifli <purchase.hanang-instrument@gmail.com>
Reply-To: import@hanang-instrument.com
Subject: Re:New order Measure instrument
Attachment: New Order Pdf.zip (contains "New Order Pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.22623.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Predator
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 12:35:41 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
23 of 48 (47.92%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=koa4yml3fszeha3rnlkbgqfpd26k3kum3outivoloz2ongefxdua._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 5381cc317b2cb24383716ad41340af1ebcadaa8cdba93455cb7674e69885b8e8

(this sample)

AgentTesla

Executable exe 56e440ec32a110de0a68f5f8455dbaba53427bfb942014fdc912160c67c3704a

  
Dropping
MD5 c3fed201c27db740726f380bd52151e3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 56e440ec32a110de0a68f5f8455dbaba53427bfb942014fdc912160c67c3704a

Comments