MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab0ad177c9ec0aa4d3b0c7a16395d5d793ff997c390725f2a6e4a84a95302b39. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ab0ad177c9ec0aa4d3b0c7a16395d5d793ff997c390725f2a6e4a84a95302b39
SHA3-384 hash: 692c03c14934c31f3b17e6a512b830a9df41ab7e7240cbcb36661f530a011af3d2de1eaa8fe107607478f59014f05322
SHA1 hash: 9298d40739e6d654e96a63c84c15706034b5a069
MD5 hash: 5d6c731863077b98baf7136d249a1a96
humanhash: mirror-washington-hydrogen-blossom
File name:NEW ORDER.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:480'246 bytes
First seen:2020-05-26 11:13:31 UTC
Last seen:2020-05-26 14:59:51 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:w61Ogrs41ZqCPaUcpnmXdMnEDM1F8Q0UK:w61OSPqCyTpn+jA1SQ1K
TLSH F9A423865106490999021F93F7DD9DF488F873D980834D96ED48A6EC084B3B6F1B79EF
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: servers.com
Sending IP: 185.234.216.137
From: Christian Zeiler<secureserver@servers.com>
Subject: NEW ORDER PRODUCT
Attachment: NEW ORDER.zip (contains "sam334.exe")

AgentTesla SMTP exfil server:
mail.shrc-india.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 11:37:07 UTC
File Type:
Binary (Archive)
Extracted files:
295
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip ab0ad177c9ec0aa4d3b0c7a16395d5d793ff997c390725f2a6e4a84a95302b39

(this sample)

AgentTesla

Executable exe c04c4bb521cb18dc16fbacc4220c0f854bfadfdc0c016ec6fd868d52fe8c3e08

  
Dropping
MD5 09f3daddaec326433de907b3653d58e5
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c04c4bb521cb18dc16fbacc4220c0f854bfadfdc0c016ec6fd868d52fe8c3e08

Comments