MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba0da96a27a70f0c5a5a21921d50fd32ae89319fec130ddb50691d039f876fa6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ba0da96a27a70f0c5a5a21921d50fd32ae89319fec130ddb50691d039f876fa6
SHA3-384 hash: c434c441e7d659c31058d53d2833107561b14456a3f5d30b74f723876042b62f416c6238a656bf83a244bf6f7b00290d
SHA1 hash: e62946caec61f0ff304917d8eed2fc04f14ed685
MD5 hash: 81f5e4357ddac06c86c6585378014b47
humanhash: winter-delaware-nuts-winner
File name:SOA APRIL.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:397'023 bytes
First seen:2020-05-25 12:24:48 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:HLHT20WjqKqUa4QRq+Ugpt1S77pftC9l8xEP:rTlWjqmD2Ugpt2ftCD8xEP
TLSH 988423A056C26CD6D0E265523B692FC314DFF331EE1028C3DB98396906DF80D83759E6
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gotoubi.com
Sending IP: 103.145.253.10
From: "Sharon" <sharonliu-dlc@gotoubi.com>
Subject: SOA TILL END APRIL
Attachment: SOA APRIL.zip (contains "SOA APRIL.exe")

AgentTesla SMTP exfil server:
mail.tolipgoldenplaza.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.49554.24493.30539.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 12:37:11 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
28 of 48 (58.33%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip ba0da96a27a70f0c5a5a21921d50fd32ae89319fec130ddb50691d039f876fa6

(this sample)

AgentTesla

Executable exe 1753cdd1b934ad14f3b6a767859c941a2f5a3a734834a9ae2ca5204281b1974c

  
Dropping
MD5 dd5f37195ac446c6f7e09321bcb64a63
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1753cdd1b934ad14f3b6a767859c941a2f5a3a734834a9ae2ca5204281b1974c

Comments