MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba0263a3164ca163c28dc1ae4790312b3f1a73ce186fc8907a218cfbaa18af5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ba0263a3164ca163c28dc1ae4790312b3f1a73ce186fc8907a218cfbaa18af5d
SHA3-384 hash: ac2b90284afadb8f9f4cefebdca9d2dd348e5b21d3ab36ed453276a41b4d8e52d68508b9508513d5f98d2c33e6109f16
SHA1 hash: e3ccd1190ae47a520a42c618d01839a693369c38
MD5 hash: b6b9dd6781b27efa67554a0cefb35f9e
humanhash: timing-victor-quiet-juliet
File name:PAYMENT COPY.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:959'703 bytes
First seen:2020-06-15 11:55:36 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:bCMrCxF31M5m06Nlz2zpqnaoOJ/xbj1msHD:PrCxLjIpqaxNxbcsHD
TLSH E7153360FE74EDAC9A60AB7D5B0798BCB040E17091DB5C16AFCDE3E6225EF125230359
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: feyindustries.com
Sending IP: 191.101.130.232
From: accounts@feyindustries.com
Subject: Swift Advice
Attachment: PAYMENT COPY.zip (contains "PAYMENT COPY.exe")

AgentTesla SMTP exfil server:
smtp.yltab.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Script-AutoIt.Trojan.Aitinject
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 11:57:04 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xibghiywjsqwhqunygxepebrfm7ru46odbx4red2eggpxkqyv5oq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip ba0263a3164ca163c28dc1ae4790312b3f1a73ce186fc8907a218cfbaa18af5d

(this sample)

AgentTesla

Executable exe 4b783fd4ae88c844c973e0020e42c0bc76259a60a786be57e64cfe5f878f87a7

  
Dropping
MD5 0734603ece798b34ea461af9f5e5f23b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4b783fd4ae88c844c973e0020e42c0bc76259a60a786be57e64cfe5f878f87a7

Comments