MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a46e1e8c2a1a3fbb4360afce29ab8499074293d69825b53be8d46c318cf34d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6a46e1e8c2a1a3fbb4360afce29ab8499074293d69825b53be8d46c318cf34d8
SHA3-384 hash: a5881fa2b51259a1538e06ec935df87d8c190004205b1d5f9e9585c2fa7d66f0e07c55e64347573c13580bbe219aadd2
SHA1 hash: 06359774dec234ecd7cca8b364222e2cc1995e5b
MD5 hash: d09e2046edfd4881f13f65a76a474ab9
humanhash: california-yellow-beer-mississippi
File name:ORDER48543XC328-ORDER4856CC38219-pdf.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'013'148 bytes
First seen:2020-06-04 06:40:39 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:8jIi8t5EZ8g0/rSLIr1bmy2+HFgqhN5jjnEbxIjOMuGfSrjUA:8jF+qx0/rkwKyfHFgON5PElIqToSrjUA
TLSH 282533D262A4293487A91858C9E89803CBFC53AB648E20C5777E95C7C13ADC1EBD537F
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: chdinformatica.servidorplesk.com
Sending IP: 91.142.217.106
From: Coelho Carlos <Carlos.Coelho@jungheinrich.pt>
Reply-To: Coelho Carlos <dustiutd12@hotmail.com>
Subject: Fwd:Order From Specific Customers
Attachment: ORDER48543XC328-ORDER4856CC38219-pdf.7z (contains "ORDER#48543XC328-ORDER#4856CC38219-pdf.exe")

AgentTesla FTP exfil server:
ftp.kassohome.com.tr:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25906.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Script-AutoIt.Trojan.Aitinject
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 07:37:19 UTC
AV detection:
20 of 48 (41.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=njdod2gcugr7xnbwbl6ofgvyjgihikj5ngbfwu56rvdmgggpgtma._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 6a46e1e8c2a1a3fbb4360afce29ab8499074293d69825b53be8d46c318cf34d8

(this sample)

AgentTesla

Executable exe 49b98efdc479198044215a6975de4ecff0fa88c96dff706f9f9038d92776fa69

  
Dropping
MD5 022175ca75c05e2d494c1bf5da183902
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 49b98efdc479198044215a6975de4ecff0fa88c96dff706f9f9038d92776fa69

Comments