MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aebaa928a7a6afebed8a60d6d37f06c8bcb9af2b2eea0f94ba041fec9beec10c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aebaa928a7a6afebed8a60d6d37f06c8bcb9af2b2eea0f94ba041fec9beec10c
SHA3-384 hash: ee3a7e7cd239d9f7c0101223deae59d1b26505f88aaf0a7a32507cce23c0fcf71be9d69ad1cc1680c35c2a232bf314da
SHA1 hash: b3be1c3a7ff1e1288341afbd136003d80daa6da6
MD5 hash: 028f4b3cc11e447d855e3b237a027dd5
humanhash: spaghetti-princess-thirteen-william
File name:enquiry.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:393'682 bytes
First seen:2020-06-15 12:21:35 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:7ObXF/FJLEFR5YEOBnXvdVsDKIyECogaWbDjlM/0O8LZwhm12Kpc1/:CLnJLQR5YhhdSOIpyxbD+cVgOa
TLSH 818423B863AF92EC93135E97D2A5EBEDCD7AD7872A636260240C01E578613BC7714381
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gauravfasteners.com
Sending IP: 192.3.9.189
From: Gaurav Gupta <gaurav@gauravfasteners.com>
Reply-To: Gaurav Gupta <roland.files2040@gmail.com>
Subject: enquiry
Attachment: enquiry.zip (contains "enquiry.exe")

AgentTesla SMTP exfil server:
mail.lotusgrandhotel.ae:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.generic.ml.7541.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Tisifi
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 10:34:31 UTC
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=v25kskfhu2x6x3mkmdlng7ygzc6ltlzlf3va7ff2aqp6zg7oyega._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip aebaa928a7a6afebed8a60d6d37f06c8bcb9af2b2eea0f94ba041fec9beec10c

(this sample)

AgentTesla

Executable exe 90c6b56f55742297280258483cd14c0d92575ba6692f9662a0282bb60eae089a

  
Dropping
MD5 8c55b8fb78847c74c2dbbebe321314d0
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 90c6b56f55742297280258483cd14c0d92575ba6692f9662a0282bb60eae089a

Comments