MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4bf168c3bc36f541b2c350d093eef0878ec8901634112b1910a52bdfc9ab71c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a4bf168c3bc36f541b2c350d093eef0878ec8901634112b1910a52bdfc9ab71c
SHA3-384 hash: 84a4eabcb5a78ec8ef52dd3a54d3623336268f1ff92ca0682e47c57f50978d57bb7fda1ad9a89b1e47f9c82da885ddcb
SHA1 hash: 72f780c3a7d65f4c983cf0001a49f5eadd804e12
MD5 hash: c624bedc87681e78f038524602dfd0a8
humanhash: fanta-three-nitrogen-river
File name:TNT Express Invoice_pdf.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:278'635 bytes
First seen:2020-06-10 10:26:17 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:/pLsbroja+B8AfsuB0u/DoWXY4F3kdeuc6MP8zWLu96bvwXS:/xakjQ10kIYPMucJcT6sXS
TLSH 53442370A8587BC4BB73942F98598BA316C065EA0E44CB3D8521847E38B47F544B6FBE
Reporter abuse_ch
Tags:AgentTesla TNT zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: zeus.webex.gr
Sending IP: 46.4.69.158
From: TNT EXPRESS <service@tnt.com>
Subject: Consignment Notification: You have A Package With Us
Attachment: TNT Express Invoice_pdf.zip (contains "TNT Express Invoice_pdf.exe")

AgentTesla SMTP exfil server:
mail.flood-protection.org:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7660762-0
Create hunting rule

Sanesecurity.Malware.25815.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 10:28:05 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=us7rndb3ynxvigzmgugqspxpbb4ozcibmnarfmmrbjjl37e2w4oa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip a4bf168c3bc36f541b2c350d093eef0878ec8901634112b1910a52bdfc9ab71c

(this sample)

AgentTesla

Executable exe c6b9aa153f524bbbda4626543e2d31e9f298337270b0299996ae91920bfa3fad

  
Dropping
MD5 ff830e12aed6c29816feaa91bef1ca58
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c6b9aa153f524bbbda4626543e2d31e9f298337270b0299996ae91920bfa3fad

Comments