MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa052f3bbb0d3cccd70dbe786df6197ff74e32e1079ac506555b7b4f03c20165. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa052f3bbb0d3cccd70dbe786df6197ff74e32e1079ac506555b7b4f03c20165
SHA3-384 hash: 233ed705a1bc233ed4ee78b0717d28473d2f6390bd69f828f21d1bb0377d004a5f51cab3ee2c548492a2c2843b5a5936
SHA1 hash: 76c190ec5b0678e595fc4139969e105aa4aef402
MD5 hash: aac6f1bb4b933b14e81369aea2de83f2
humanhash: yellow-triple-don-november
File name:Quotation United Trading.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'021'544 bytes
First seen:2020-06-16 05:10:36 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:5Qy34BszTUfyj2NL9D7JSVX3D6vE6xfOpL/lD4blN2TLJSHPy82:5F34+/ghp7JSVX3DAKLBCALUHL2
TLSH F4253380B95D2E066E03D3B7D3C04368F2249189FB28A7747FF9AA4991CE4D9163716F
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: urbecom.dns-es.com
Sending IP: 85.208.102.28
From: Zakaria Al-Zobaidy | Commercial Manager <info@dornier.com>
Subject: Re: Quotation Request New Partnership
Attachment: Quotation United Trading.zip (contains "Quotation United Trading.exe")

AgentTesla FTP exfil server:
ftp.mse.com.cy:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Script-AutoIt.Trojan.AitInject
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 05:12:08 UTC
AV detection:
13 of 48 (27.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vics6o53bu6mzvynxz4g35qzp73u4mxba6nmkbsvln5u6a6cafsq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip aa052f3bbb0d3cccd70dbe786df6197ff74e32e1079ac506555b7b4f03c20165

(this sample)

AgentTesla

Executable exe 4afdd7386b6ad197804804056bc5fbd985844ab55d8068d25a0199f0551c84cb

  
Dropping
MD5 64d2d02cd20c25162468863374d514f5
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4afdd7386b6ad197804804056bc5fbd985844ab55d8068d25a0199f0551c84cb

Comments