MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6218666f67374a3e83c49759720650f72526b11872f4e97ae135f40e2a5cad73. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6218666f67374a3e83c49759720650f72526b11872f4e97ae135f40e2a5cad73
SHA3-384 hash: 50a9abff65a59cc0b667ef410be17643486cbe800f3b1184004e9ea40ab32a64f9be32a5c9211cd91324aa106521dd2a
SHA1 hash: a3af5978bcc35abb8b788978759d8819aaf58a7d
MD5 hash: a4b074ca7d0517fe342d05c9969d0f3c
humanhash: grey-harry-salami-massachusetts
File name:Purchase Order 28052020.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'160'565 bytes
First seen:2020-05-28 06:14:19 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:79YmBsBFXD4LkwgemYKr4k2nIm/mmUifK19I++JaoB/pb:hLaZ4owLED2D+ZmK1oBB/pb
TLSH 4835333A64D7DCD82B3F60269D99743C81C3E925D5F0C28C84DAFAB55B5F4EAB00492B
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ati-amp.com
Sending IP: 45.153.240.178
From: sales@ati-amp.com
Subject: New purchase order for your reference
Attachment: Purchase Order 28052020.zip (contains "Purchase Order.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.20845.ZipHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.22205.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Aitinject
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 04:02:03 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
20 of 48 (41.67%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 6218666f67374a3e83c49759720650f72526b11872f4e97ae135f40e2a5cad73

(this sample)

AgentTesla

Executable exe 60050da2917119e4a27e73f0c6e8c77e5584491c8bae5cab63f99f64349c217d

  
Dropping
MD5 0c4d725d30dab9feb43639ba7ff42797
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 60050da2917119e4a27e73f0c6e8c77e5584491c8bae5cab63f99f64349c217d

Comments