MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9387a39eaf67c5f02ad9a31e687d2300d0d58df0117d20d8ffc2d06b20dba550. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9387a39eaf67c5f02ad9a31e687d2300d0d58df0117d20d8ffc2d06b20dba550
SHA3-384 hash: 233797d2c2cc10e95306b6aea8da44b4ca68b343aa1c07a661a65e7b184533a14d9774ab895914b01cd38f9b5328258f
SHA1 hash: 4fb033158744178697ccc4084cfe958ea80d24ad
MD5 hash: 0fa41f602577ecb1f024481178e519cb
humanhash: steak-leopard-vermont-mexico
File name:ORDER01611PDF.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:285'593 bytes
First seen:2020-06-04 07:21:44 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:bGAs5DOC25tGjBKqK2aRWFZZh5KIIOo7ijmMsNeB/QRrVpSzPR:bGAs5QkKrIdh55JogF2M+V4zZ
TLSH BD5423E138CD47CC5013F25930BF05EB8E694C5692ED7AD58F90A66221AA326FF51C1E
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.eben-ezer.es
Sending IP: 146.255.101.138
From: Tapani Koskimies <Logistics Coordinator> <tapani.koskimies@egavrielides.fi>
Reply-To: Logistics Coordinator <worldnetofficemailer@gmail.com>
Subject: New Order Confirmation_01611PDF
Attachment: ORDER01611PDF.7z (contains "ORDER01611PDF.exe")

AgentTesla FTP exfil server:
ftp.bmdonline.ro:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
Win32.Malware.Drodzp
Create hunting rule
Status:
Suspicious
First seen:
2020-06-04 07:37:27 UTC
AV detection:
7 of 48 (14.58%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sod2hhvpm7c7akwzumpgq7jdadinldpqcf6sbwh7yligwig3uvia._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 9387a39eaf67c5f02ad9a31e687d2300d0d58df0117d20d8ffc2d06b20dba550

(this sample)

AgentTesla

Executable exe cc6d907cd248ce25a61d6d7b998e8a7ec6e5ee7e5eb63334365601efb9ee2c8d

  
Dropping
MD5 d16ff10087a8bb9e83bd85dd29e42990
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cc6d907cd248ce25a61d6d7b998e8a7ec6e5ee7e5eb63334365601efb9ee2c8d

Comments