MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a161ea90bcb892ba6a437d46db7a200e35c5e37786282f06c2926c601cb46fb0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	a161ea90bcb892ba6a437d46db7a200e35c5e37786282f06c2926c601cb46fb0
SHA3-384 hash:	e74c8bc15dc56bdf85d5a466de61c2fb53df25fb78b1b87e249eaa9d0a390b73519b26139d08b3e395e7df09c756d854
SHA1 hash:	ccccc9835ed8313a2d8c7c1b27f83a76d2a0ee66
MD5 hash:	04cb64f263b8d5ca150327b91c1cac34
humanhash:	music-nitrogen-twenty-comet
File name:	June_Order.zip
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	1'081'824 bytes
First seen:	2020-06-01 20:13:08 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	24576:Bcvg5BZwRRZHHbZBIXmbiVCg6/HiJ0Xvh8ZS/X9J9dkcfzV8Peu4kK/l:Bc8PwRvHbZ22vKJcJ/v9dxfx8mPdN
TLSH	DC35335238840F52D61D9D253EA418DCEE64FDAA4F189F0C3D1AA701B2A9B9F1F7F046
Reporter	abuse_ch
Tags:	AgentTesla zip

abuse_ch

Malspam distributing AgentTesla:

HELO: vps.hnsolutions.in
Sending IP: 204.93.168.157
From: Mr. N.K. Kashyap<online@swastikjewellers.com>
Subject: Re:Urgent Reply Needed.(Please quote)
Attachment: June_Order.zip (contains "June_Order.exe")

AgentTesla FTP exfil server:
ftp.bmdonline.ro:21