MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 539390e336799388ea85efa7a81fa458f4952615a5d28b61c0ee12e770060922. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 539390e336799388ea85efa7a81fa458f4952615a5d28b61c0ee12e770060922
SHA3-384 hash: b2e13c9179c5f7b3b442be6c0a355a06a707aa54b8411ad8584076603abf2c12dfaf5c2554bb6b497067b9e5cb485792
SHA1 hash: 0eb6dfb13c3ec967eef3a173c37b9c5af6db0bd6
MD5 hash: 5da54b5c08c1da448e0700f0f0a645b3
humanhash: uniform-juliet-south-massachusetts
File name:hitno naređenje.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:397'858 bytes
First seen:2020-06-17 06:53:20 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:XQTObplDe+GY7ps7pEXQB9J3a/DNs6ET3YdijZxU8YbtZg2x9Hp5TTFPw6otXbQC:Xzb2+x83p3aYZpkZg2x9XC6ui2
TLSH 48842309F4AEA2316C8364BC0F2FF9868E2697C431E47C5C8CB7A2F455568DC96D49E3
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

From: marko stefanovic <dejan.vukic@adamsped.co.rs>
Subject: Fwd: Re: Re: novi nalog za kupovinu
Attachment: hitno naređenje.zip (contains "hitno nare#U0111enje.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Generic.fc.30295.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-17 06:54:06 UTC
AV detection:
34 of 48 (70.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kojzbyzwpgjyr2uf56t2qh5eld2jkjqvuxjiwyoa5yjoo4agbera._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 539390e336799388ea85efa7a81fa458f4952615a5d28b61c0ee12e770060922

(this sample)

AgentTesla

Executable exe 7d1090ba9b026dcb58c9663b738214ff170b0dfdb10ebb2d33e3806b9ecf2990

  
Dropping
MD5 b3c8241315e82b8c3547f038ea635f3c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7d1090ba9b026dcb58c9663b738214ff170b0dfdb10ebb2d33e3806b9ecf2990

Comments