MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d039c40d4c5d8c8aa5e63bf1e91e5459d3eda9ca1f3bf6f15851927d420a3da5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d039c40d4c5d8c8aa5e63bf1e91e5459d3eda9ca1f3bf6f15851927d420a3da5
SHA3-384 hash: 000e13925b626c943face0a44bfc7d119cd206f1d71bebea5c022636b0a4c1d4a300174ce830e8b25c2c0efc80afed5d
SHA1 hash: 7e5a670b262946cb996c8bff59089025d2c621d1
MD5 hash: e5b87e8446f3997eae93a9cd24226418
humanhash: earth-kitten-low-early
File name:INVOCE KDC2050-1 CN.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'019'307 bytes
First seen:2020-05-26 11:12:29 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:fagrebx32095fWDLU7yngNrvDRgp1rEf6BcIV2L3l/ZrLZjG:fHPUUeyngNrv41rEo2L3l/ZZjG
TLSH C925336AF268DFF53A293334CC13ECA8B5D40ED1BB2EC1EA7334C656165052AEB14971
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.domain.com
Sending IP: 185.94.191.86
From: Siu Yee <admin@rajmangroup.com>
Subject: Re:Invoice & A20SCW06027 spec. new order HMT-2
Attachment: INVOCE KDC2050-1 CN.zip (contains "INVOCE KDC2050-1 CN.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 11:39:50 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
27 of 48 (56.25%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip d039c40d4c5d8c8aa5e63bf1e91e5459d3eda9ca1f3bf6f15851927d420a3da5

(this sample)

AgentTesla

Executable exe 1de5206fee55c13accf36266f7f344e3e8d16f5e4a1080e799c9950a302bc81a

  
Dropping
MD5 3d1d0b9d9a29c81730ec2a5d4a9f3723
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1de5206fee55c13accf36266f7f344e3e8d16f5e4a1080e799c9950a302bc81a

Comments