MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 792c9e4be29821a9b6eccfe39eee8dca6694009b2da1bf35c421f54e0a756e3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 792c9e4be29821a9b6eccfe39eee8dca6694009b2da1bf35c421f54e0a756e3e
SHA3-384 hash: ff245b9394b4889e24eb7dab05096a6132331da9c74d749df22d05148a7e6a16a05576f9c2aa58ae0f9c20a19079156a
SHA1 hash: 5b6ccde50805368b9387f3a6f4b409b73c0a9b9f
MD5 hash: bbdf14ac6b23c365ec6ebeb637d45c18
humanhash: king-failed-kansas-kilo
File name:0000000000000758.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'149'298 bytes
First seen:2020-05-28 12:44:42 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:IPHm22UBfXo1nmBDQBFXD4BNRW3/5UkwWkPz/81WdFmsDU0rh/cn7EzgWJY8QwQT:PmBsBFXD4LkwxdUm44zgdxFeszpfMKZX
TLSH 8335333630536CF8366BB3129C437325C693E817F8E5469D571CB9352AAA3FCA209E1D
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: stantex.com.tw
Sending IP: 103.99.1.147
From: Becky <becky@stantex.com.tw>
Subject: RE: 201-5198/5256/5277/5330 Style WL,WW 1068 PDM 059200 Additional Purchase-PI#TPI1-2005027506~9-INV#TIN1-2005260001
Attachment: 0000000000000758.zip (contains "0000000000000758.exe")

AgentTesla SMTP exfil server:
mail.rajapindah.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27681.XorExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 13:38:03 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
17 of 47 (36.17%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 792c9e4be29821a9b6eccfe39eee8dca6694009b2da1bf35c421f54e0a756e3e

(this sample)

AgentTesla

Executable exe 5bcb89f68765d1a0ab03d8bb80b4291684026d81007bcb0a1fef37932dc04f97

  
Dropping
MD5 aa20f88b76d3e2657458523b69b764a3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5bcb89f68765d1a0ab03d8bb80b4291684026d81007bcb0a1fef37932dc04f97

Comments