MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a6babd63e5b51a5f3c4993993b40c3aa64fb7dea3674ab12085aa0c54a15f89. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 5a6babd63e5b51a5f3c4993993b40c3aa64fb7dea3674ab12085aa0c54a15f89
SHA3-384 hash: ac18f2e3c73d63c988ba1d49a45fc284799d68c644b214ed8707b870341fe360a91a892ccc19fc16055e8efd418ebced
SHA1 hash: b979b935c21d5432767121e983e977210f818742
MD5 hash: bff16c57e8f940a7f1267ceb8416cb5d
humanhash: texas-massachusetts-salami-cardinal
File name: SUNCOAST-EML-purchase order.XLS.zip
Signature: AgentTesla
File size: 451'158 bytes
First seen: 2020-07-31 12:16:13 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:yIliEixoW1eCHWvCK2uEppp2Up/VQUoMznLaGpuuzrh:yIHiF1Qrliz2qUMLL1bh
TLSH: A1A423ADBFCC3505CA0BBA323A1959DE21DAAF4D1E5320492F7F912D46446D3F6E0B21
Reporter: @abuse_ch
Tags: AgentTesla zip


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: suncoastmarketing.com
Sending IP: 23.159.176.84
From: Silvia Brull <purchases@suncoastmarketing.com>
Reply-To: Silvia Brull <purchases@suncoastmarketing.com>
Subject: FW: Purchase order
Attachment: SUNCOAST-EML-purchase order.XLS.zip (contains "SUNCOAST-EML-purchase order.XLS.exe")
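
The tweet above describes the classic lure this entry records: a zip attachment whose only payload is a PE executable named with a document-style double extension (".XLS.exe"). The script below is an added example, not part of the MalwareBazaar page or abuse.ch's own tooling. It builds a constructed stand-in attachment in memory (the member name is taken from the tweet, the member bytes are a fake MZ stub, not the real AgentTesla binary), triages every archive member by extension and by content, and shows how to check a downloaded sample's digests against the hashes listed in the entry. The extension lists, the size cap and the helper names are my assumptions, not anything defined by MalwareBazaar.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Names taken from the entry and the tweet above.
ATTACHMENT_NAME = "SUNCOAST-EML-purchase order.XLS.zip"
MEMBER_NAME = "SUNCOAST-EML-purchase order.XLS.exe"

# Digests listed in the MalwareBazaar entry for the real zip. Our constructed
# stand-in will NOT match them; that mismatch is the point of the check.
ENTRY_HASHES = {
    "sha256": "5a6babd63e5b51a5f3c4993993b40c3aa64fb7dea3674ab12085aa0c54a15f89",
    "sha1": "b979b935c21d5432767121e983e977210f818742",
    "md5": "bff16c57e8f940a7f1267ceb8416cb5d",
}

# Assumed extension lists (hypothetical policy, not from the page).
DOC_EXTS = {".xls", ".xlsx", ".doc", ".docx", ".pdf", ".rtf"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # zip-bomb guard: never inflate beyond this


def build_sample_zip() -> bytes:
    """Constructed attachment: a zip holding a fake MZ stub under the lure name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(MEMBER_NAME, b"MZ" + b"\x90" * 62 + b"fake PE stub, not malware")
        zf.writestr("notes.txt", b"plain text member that must not be flagged")
    return buf.getvalue()


def file_hashes(data: bytes) -> dict:
    """The four digests MalwareBazaar lists for a sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def matches_entry(data: bytes, entry: dict) -> bool:
    """True only if every digest the entry lists agrees with the bytes in hand."""
    actual = file_hashes(data)
    return all(actual[alg] == value.lower() for alg, value in entry.items())


def triage_zip(zip_bytes: bytes) -> list:
    """Flag archive members that are executables by name or by content.

    Each finding carries the member name, size, reasons, and (when inflated)
    the member's own digests so an analyst can pivot on the dropped file.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            if suffixes and suffixes[-1] in EXEC_EXTS:
                reasons.append("executable extension")
                if len(suffixes) >= 2 and suffixes[-2] in DOC_EXTS:
                    reasons.append("document-style double extension")
            member_digests = None
            if info.file_size <= MAX_MEMBER_BYTES:
                with zf.open(info) as fh:
                    body = fh.read(MAX_MEMBER_BYTES)
                if body[:2] == b"MZ":
                    reasons.append("MZ header (PE image)")
                member_digests = file_hashes(body)
            else:
                reasons.append("oversized member, not inflated")
            if reasons:
                findings.append({
                    "name": info.filename,
                    "size": info.file_size,
                    "reasons": reasons,
                    "hashes": member_digests,
                })
    return findings


if __name__ == "__main__":
    sample = build_sample_zip()
    print(ATTACHMENT_NAME, "matches entry:", matches_entry(sample, ENTRY_HASHES))
    for finding in triage_zip(sample):
        print(finding["name"], finding["reasons"])
```

The content check matters more than the name check: renaming the member to ".XLS.scr" or stripping the double extension leaves the MZ header in place, and reading only a bounded prefix keeps a hostile archive from inflating into memory.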

Intelligence


File Origin
# of uploads: 1
# of downloads: 33
Origin country: FR (France)

Mail intelligence
Geo location: Global, Volume: High
Geo location: IT (Italy), Volume: Low

Vendor Threat Intelligence
Threat name: Win32.Trojan.DataStealer
Status: Malicious
First seen: 2020-07-31 11:26:49 UTC
AV detection: 19 of 31 (61.29%)
Threat level: 5/5
Threat name: Trojan
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    zip 5a6babd63e5b51a5f3c4993993b40c3aa64fb7dea3674ab12085aa0c54a15f89 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment
