MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a8063a93f849a65cdd4ae52fff7ad9857764ed81e1a541f6d0e1cf2964da2f2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: a8063a93f849a65cdd4ae52fff7ad9857764ed81e1a541f6d0e1cf2964da2f2f
SHA3-384 hash: db5a61d3be53a038a25489972dda09932dc368795991bdc4af6a8cb42ccc8a131b0efce7c928b40f6c9c4bc1333c9794
SHA1 hash: e17e8e448f405e8419e70fae998f2b4c00725f19
MD5 hash: fca1e8446b90fd92ff6536e89651a30a
humanhash: four-mars-mirror-jersey
File name: FEDEX Online Customer Advisory AWB, BL Draft Commercial. Invoice 202005173534231.pdf.r27
Signature: AgentTesla
File size: 1'008'623 bytes
First seen: 2020-05-25 12:25:40 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:zWwOwSWdJ8426Vnzg2LFSvfmlOG1p7TgBDmTBWpKz:zb+W0426hzg25lf70BDm9L
TLSH: 8925334E658157E0F1B13510FCEEDA3D79EBB5F986AC232E6FA9063085C456DF8A4308
Reporter: abuse_ch
Tags: AgentTesla FedEx r27


abuse_ch
Malspam distributing AgentTesla:

HELO: wklaser.com
Sending IP: 51.254.246.181
From: FEDEX<cindy@wklaser.com>
Reply-To: nofia.putri.siemens.com@bk.ru
Subject: Delivery Address Error (Please advise ASAP)
Attachment: FEDEX Online Customer Advisory AWB, BL Draft Commercial. Invoice 202005173534231.pdf.r27 (contains "FEDEX Online Customer Advisory AWB, BL Draft Commercial. Invoice 202005173534231.pdf.exe")

AgentTesla SMTP exfil server:
mail.zarkom.rs:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 12:37:09 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip a8063a93f849a65cdd4ae52fff7ad9857764ed81e1a541f6d0e1cf2964da2f2f

(this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
