MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9153f8e3af8b2d81d5785f396eca87c1589ad9c0917bad836b515e3695379ae2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9153f8e3af8b2d81d5785f396eca87c1589ad9c0917bad836b515e3695379ae2
SHA3-384 hash: a1ba527a5d5f442f55cf16d0c2d8c859de2521dafb07fe4508178331e61a40d659a34bd716334ab14e484e978d37de7d
SHA1 hash: 3c5aa24af6d861a48a49376ca65a93de74e242dd
MD5 hash: a54ea230f832ac1f94b8057b734641bc
humanhash: fruit-cold-carbon-mexico
File name:09000000000000900.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:365'028 bytes
First seen:2020-05-04 21:56:47 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:wcNl/BxdEBCoQQ/iDxuKYiASdnCFMf7cNDMOjKtXPQ7K+uXjGAMXzq1sYl/bKs8V:wkizt6xuK7nCCfgzWPUTuSASasYsl
TLSH B07423E63687E120C8FD126B8C224320B67BBC1968F95589B8B5CFD752EDBC9D2464C4
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mono.avnam.net
Sending IP: 190.210.186.210
From: MarĂ­a Guadalupe. <contacto@jcplastics.com.mx>
Reply-To: contacto@jcplastics.com.mx
Subject: Verificar factura
Attachment: 09000000000000900.z (contains "09000000000000900.exe")

AgentTesla SMTP exfil server:
smtp.ionos.mx:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VSM.835.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Malrep
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 03:19:30 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sfj7ry5prmwydvlyl44w5suhyfmjvwoasf523a3lkfpdnfjxtlra._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 9153f8e3af8b2d81d5785f396eca87c1589ad9c0917bad836b515e3695379ae2

(this sample)

AgentTesla

Executable exe 5a0097d91be843b78f66434a1035a1d2b2c7712b7a0b16d1004c1a9043327da4

  
Dropping
MD5 7da606101d33f42030963303a15d1d33
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5a0097d91be843b78f66434a1035a1d2b2c7712b7a0b16d1004c1a9043327da4

Comments