MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a93d05de71ee9b1ec75ada59860447314b506884aa6af444e8f01f6ed79f9c61. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a93d05de71ee9b1ec75ada59860447314b506884aa6af444e8f01f6ed79f9c61
SHA3-384 hash: 53a32581587048a611c69d0dc2b099a6d49a24d28834ae2b637045dab25f474f14030389a9dd5648cdfb33942688eae6
SHA1 hash: c8479b167ffd902da4940c0fe6544db5c3de792f
MD5 hash: a9f7500f0f64ab1411d74f074ced2aa4
humanhash: golf-vegan-may-tennis
File name:Purchase order pdf.7Z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:393'116 bytes
First seen:2020-07-16 07:16:02 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 6144:ZxBLpRn0AVph4Gpq+3ZivAre7a8BLy3yg6weFWzxryOwrRWMq6r:vBX0Uu5Areu8BLyEM1r0WMtr
TLSH 998423D4CFD56B6A77A818C3A70789683968D1A2CDEF5374B13456E22E3E274C4C909C
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mx1619.godns.net
Sending IP: 76.74.198.73
From: escriba.cintia@innova-ing.com
Subject: New Purchase Order
Attachment: Purchase order pdf.7Z (contains "Purchase order pdf.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27342.RarHeur.v5.HideExt.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a93d05de71ee9b1ec75ada59860447314b506884aa6af444e8f01f6ed79f9c61/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-07-16 07:17:06 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ve6qlxtr52nr5r223jmymbchgffva2eevjvpirhi6apw5v47trqq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z a93d05de71ee9b1ec75ada59860447314b506884aa6af444e8f01f6ed79f9c61

(this sample)

AgentTesla

Executable exe faa706545212465c95b5f5e3b8b86be591d00d55601c0cb0922812d7b20e658c

  
Dropping
MD5 18283ebe76fc046e236ee55e21e4f8c2
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 faa706545212465c95b5f5e3b8b86be591d00d55601c0cb0922812d7b20e658c

Comments