MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc01fbe29853e4b3536f6f77b774d72f26866e589a389883486e2b3819e1688f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: cc01fbe29853e4b3536f6f77b774d72f26866e589a389883486e2b3819e1688f
SHA3-384 hash: 668db4dc28ec4e77e04fdee104753c1ef7874defd7d03669325ecf9c550ea03ef89b92cb03cf87bd1d156740e75bbdfb
SHA1 hash: 4ef570ed66a6cd8cd92b70647c55b2cb9ef29e05
MD5 hash: 1a0208982fc0b416da597fec2824cd7a
humanhash: fix-carbon-dakota-colorado
File name: 285100727000782928_PDF.zip
Signature: AgentTesla
File size: 522'281 bytes
First seen: 2020-05-12 16:13:45 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:Jzuj9AAPY+22Sl/FfYdjezTozjpu4znrWdU/bQpvhbP:JzshSl/5YEoz9uAWdUTivhbP
TLSH: 16B423160F8A18EE4E44CD53CB6E97091502FFE1E8365CDFD86911241302BD977BABB9
Reporter: abuse_ch
Tags: AgentTesla geo HRV Sberbank zip


abuse_ch
Malspam distributing AgentTesla:

HELO: server4.justsee.co.in
Sending IP: 180.179.34.100
From: Sberbank <izvodi@mail.sberbank.rs>
Subject: Mesečni izvod za kreditnu karticu
Attachment: 285100727000782928_PDF.zip (contains "285100727000782928_PDF.exe")

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 85
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-12 18:36:21 UTC
AV detection: 30 of 48 (62.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
Sample: zip cc01fbe29853e4b3536f6f77b774d72f26866e589a389883486e2b3819e1688f (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments