MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3e1a6eda0ad2362882a6f524a3792525c1c7ea7c6d601d113e9f285b63ada0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a3e1a6eda0ad2362882a6f524a3792525c1c7ea7c6d601d113e9f285b63ada0e
SHA3-384 hash: 52411f1b2fa6819e05faffebc4eca7a6da58892a32bb96a15e282aa158d46df5f7cc540787012d2bc911f44a6a7493fe
SHA1 hash: 21c947c6ae6f9b8cd100042d2a18bd6d204f7f93
MD5 hash: cbc06b548fb983f2c25c8f121a7113c7
humanhash: finch-carpet-happy-stream
File name:FedExi jälgimisandmed-pdf.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'000'600 bytes
First seen:2020-06-10 09:59:44 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:cnEqTNaqMai5TK2ev679fWYTZnO2C5VXLLakqVypOH:cnENq0eMtZHC5Z/uVB
TLSH 212533EB6C19163719C4F6EFC00F889EDD605B71DBA4CA8970D04E2C99F6151E68C2EB
Reporter abuse_ch
Tags:7z AgentTesla EST FedEx geo


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.linux61.papaki.gr
Sending IP: 138.201.206.39
From: Marta Slowinska (FedEx) <marta.slowinska.osv@fedex.com>
Reply-To: Marta Slowinska (FedEx) <dustiutd12@hotmail.com>
Subject: FedExi kohaletoimetamisteade
Attachment: FedExi jälgimisandmed-pdf.7z (contains "FedExi jälgimisandmed-pdf.exe")

AgentTesla FTP exfil server:
ftp.kassohome.com.tr:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25906.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.AitInject
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 10:01:05 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=upq2n3navurwfcbkn5jeun4skjoby7vhy3laduit5hzilnr23iha._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip a3e1a6eda0ad2362882a6f524a3792525c1c7ea7c6d601d113e9f285b63ada0e

(this sample)

AgentTesla

Executable exe 7110352db47f521e368dd817fe3a7cd38a0ccf8b65745d623c2967fc8f1f1f5d

  
Dropping
MD5 9539ad8ac1e5521af2e289a2cf149fd8
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7110352db47f521e368dd817fe3a7cd38a0ccf8b65745d623c2967fc8f1f1f5d

Comments