MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d9a44058b46a959cce56e4bbdc84b588866de6b6a8d0e9599c86c1c5b3794c4f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d9a44058b46a959cce56e4bbdc84b588866de6b6a8d0e9599c86c1c5b3794c4f
SHA3-384 hash: 8257e2f14eb25a1dd675e2221a0c8ccadf423b3c79a61fc64cf0150340a857ecc835941d77f20115f6b7131a60cc1b58
SHA1 hash: c8366e59010e39d422ce20c4a1d64a71494a03d7
MD5 hash: 0f5d744aa66dca459909af6bec41a3f8
humanhash: potato-ohio-kitten-sweet
File name:AL-ADAA106_ORDER0737.GZ
Download: download sample
Signature AgentTesla
Create hunting rule
File size:991'967 bytes
First seen:2020-06-15 11:55:19 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:y1boznps8aluvOuFQz6bCoRNFZlQgLfdtMjUnf0MUIrW:y5oznpLa1Kgs7ZlQCdtME3Uj
TLSH 24253384B86B58FA00CF6E5F5D2BFCC2B9875DB545A2C320F84296DD302ACB7B617052
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.strongmailvault.com
Sending IP: 111.90.144.224
From: Kassem Ahmed <office@jinpao.us>
Subject: Order for AL-ADAA Co
Attachment: AL-ADAA106_ORDER0737.GZ (contains "AL-ADAA106_ORDER0737.exe")

AgentTesla SMTP exfil server:
smtp.yltab.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Ransomware.WannaCry
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 11:57:03 UTC
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3gseawfunkkzztsw4s55zbfvrcdg3zvwvdioswm4q3a4lm3zjrhq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip d9a44058b46a959cce56e4bbdc84b588866de6b6a8d0e9599c86c1c5b3794c4f

(this sample)

AgentTesla

Executable exe 23585bc9e143c358682c543caf45ca5b58ce758e50c115adb40d58e9b0a893cf

  
Dropping
MD5 d071dcc778be5a6cc73cd6026e4a3a00
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 23585bc9e143c358682c543caf45ca5b58ce758e50c115adb40d58e9b0a893cf

Comments