MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bdd70aa33625bb9faeebb4507aab6712b2d226b26629fe165c3e1d00e2add95f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla

Vendor detections: 3



SHA256 hash: bdd70aa33625bb9faeebb4507aab6712b2d226b26629fe165c3e1d00e2add95f
SHA3-384 hash: 310edb4aeafb73502548749be2f433ff4e5ae8b33a1876cd7b48613a7f616d09061d588442633d7b441cec6d2dd4ce2c
SHA1 hash: ae580ad61db678c449d72667ef4bc99466c5b303
MD5 hash: bca91d0d1175a2a2858f4d3750beed53
humanhash: white-angel-georgia-queen
File name: TT COPY 2.zip
Signature: AgentTesla
File size: 428'328 bytes
First seen: 2020-08-18 11:12:21 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:YaPOpRqJSJ/uDic9dYWysHX3jUyGoK9A/T+5VlI:NPO/wSJmWc9dZl3zUyGfmqY
TLSH: DF9423B15AEF0D4EE5B337CDF51C36D8AE59A0089A984F8B4717353212741EB9BC428D
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: mail.fpcci.org.pk
Sending IP: 124.29.202.181
From: Manish Kapoor <sales@jkeautomation.com>
Reply-To: purchasemd@yandex.com
Subject: RE: TT COPY
Attachment: TT COPY 2.zip (contains "TT COPY.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587
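The indicators in the report above (attachment hashes, a zip archive carrying an executable, and a Reply-To domain that differs from the From domain) are the kind that get turned into a triage check on inbound mail. The following is an added example written for this page; it is not code from MalwareBazaar or abuse.ch. It hashes a constructed stand-in zip containing a harmless stub named "TT COPY.exe" (so its digests will not match this entry's), and every function and constant name is the example's own.

```python
"""Triage a suspected malspam attachment: hash it, look inside the archive,
check the mail headers for a From/Reply-To domain mismatch.

Added example for this MalwareBazaar entry; the sample zip below is constructed
and contains a dummy stub, not the real AgentTesla dropper.
"""
import hashlib
import io
import zipfile
from email.utils import parseaddr

# SHA256 of the zip attachment as listed in this entry (the only real IOC used here).
KNOWN_BAD_SHA256 = {
    "bdd70aa33625bb9faeebb4507aab6712b2d226b26629fe165c3e1d00e2add95f",
}

# Member extensions that should never arrive inside a "TT copy" archive.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def hash_bytes(data: bytes) -> dict:
    """Return the four digests MalwareBazaar lists for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def executables_in_zip(data: bytes) -> list:
    """List archive members with executable extensions; non-zip input yields []."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_SUFFIXES)]
    except zipfile.BadZipFile:
        return []


def reply_to_mismatch(headers: dict) -> bool:
    """True when Reply-To points at a different domain than From."""
    _, from_addr = parseaddr(headers.get("From", ""))
    _, reply_addr = parseaddr(headers.get("Reply-To", ""))
    if "@" not in from_addr or "@" not in reply_addr:
        return False  # no Reply-To, or unparsable addresses: nothing to compare
    return from_addr.rsplit("@", 1)[1].lower() != reply_addr.rsplit("@", 1)[1].lower()


def triage(headers: dict, attachment_name: str, attachment: bytes) -> dict:
    """Combine the three checks into one verdict with the evidence behind it."""
    digests = hash_bytes(attachment)
    findings = []
    if digests["sha256"] in KNOWN_BAD_SHA256:
        findings.append("attachment SHA256 matches a known AgentTesla sample")
    exes = executables_in_zip(attachment)
    if exes:
        findings.append(f"archive {attachment_name} contains executable(s): {', '.join(exes)}")
    if reply_to_mismatch(headers):
        findings.append("Reply-To domain differs from From domain")
    return {"digests": digests, "executables": exes,
            "findings": findings, "suspicious": bool(findings)}


def build_sample_zip() -> bytes:
    """Constructed stand-in: a zip holding a 64-byte fake PE stub named like the real dropper."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("TT COPY.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


# Header values as reported in the entry above.
SAMPLE_HEADERS = {
    "From": "Manish Kapoor <sales@jkeautomation.com>",
    "Reply-To": "purchasemd@yandex.com",
    "Subject": "RE: TT COPY",
}

if __name__ == "__main__":
    result = triage(SAMPLE_HEADERS, "TT COPY 2.zip", build_sample_zip())
    for finding in result["findings"]:
        print("-", finding)
    print("SHA256:", result["digests"]["sha256"])
```

The hash match is the only exact indicator; the archive and header checks are heuristics that catch the next campaign using a rebuilt dropper with a fresh hash, which is why the verdict records which of the three fired rather than a single boolean.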

Intelligence


File Origin
# of uploads: 1
# of downloads: 55
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.SmartAssembly
Status: Malicious
First seen: 2020-08-18 00:57:12 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
Sample: zip bdd70aa33625bb9faeebb4507aab6712b2d226b26629fe165c3e1d00e2add95f (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments