MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b05b05f35abad8b7286cd6b0e6ce6912fe9519bfcf7524b4759edbf4b697c240. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b05b05f35abad8b7286cd6b0e6ce6912fe9519bfcf7524b4759edbf4b697c240
SHA3-384 hash: 5cdc24fb14ce3b3bb3489c1363b547cf6c187de63bb451bd15d95679d13425fbf1bd54cfbcd72c445e9b0cd2ffbe3403
SHA1 hash: 474633448e96f0e04112fd6ad0f62498fbc32297
MD5 hash: d18a548409408e2fc855b8e9c2a4e36d
humanhash: montana-kilo-uniform-island
File name:285100727000782928_PDF.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:518'509 bytes
First seen:2020-05-01 12:28:48 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:winGclJj6x749loHWvmmYibVTUtL/sKHccR2L35DUZH:wiF0WvfbVUtZHccRq3+ZH
TLSH 19B423DAEB7384AE05DA7CE59A144FD1191339B046EB024369A10C90377FB637ED8C7A
Reporter abuse_ch
Tags:AgentTesla geo HRV zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server4.justsee.co.in
Sending IP: 180.179.34.100
From: Sberbank <izvodi@mail.sberbank.rs>
Subject: Mesečni izvod za kreditnu karticu
Attachment: 285100727000782928_PDF.zip (contains "285100727000782928_PDF.exe")

AgentTesla SMTP exfil server:
mail.acroative.com:587

AgentTesla SMTP exfil email address:
jn@acroative.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.LokiBot-7744093-0
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Win32.Injector.ELSC.32193.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 12:35:49 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
32 of 48 (66.67%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wbnql422xlmlokdm22yonttjcl7jkgn7z52sjndvt3n7jnuxyjaa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip b05b05f35abad8b7286cd6b0e6ce6912fe9519bfcf7524b4759edbf4b697c240

(this sample)

AgentTesla

Executable exe a21c8651404d572a8074ffe3fbe15aadf04f2a85d57333dae44f253a7c0a5e03

  
Dropping
MD5 ca68d747c741dd5ab35eff7e1e794da3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a21c8651404d572a8074ffe3fbe15aadf04f2a85d57333dae44f253a7c0a5e03

Comments