MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de0e59cfa0ab76dc52d4952ee3f5c6fa4cfb78e5455f866cf4cbdc40a20a81f8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: de0e59cfa0ab76dc52d4952ee3f5c6fa4cfb78e5455f866cf4cbdc40a20a81f8
SHA3-384 hash: 6f12cca7e9f711f7b5d62b7f3b542085511d4c0f35e44dedf5c23a8b185c5b2672cb4cd86f90f2c98402a2b5d5a3eb7f
SHA1 hash: 85ae60747c49df6b0fe22c86937074856ba78734
MD5 hash: 05c9f7f6d89b5b07a4aa451213d8fe21
humanhash: uniform-blossom-ten-king
File name:ANÃ LISE DO CONTRATO-pdf.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'157'141 bytes
First seen:2020-05-25 12:58:56 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:FOQulmNu0wK453gRKHoOWVOBfJ109z5Q/XDmNDrwef0:FF9uMU3gRKHdWQX03KDmZrwj
TLSH 2835336BEF19121C16D8A018EC33264798DA382611A2931324D6FF9BC637519BFD4BF7
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: linux1117.grserver.gr
Sending IP: 95.216.16.146
From: Robert Sendra <robertsendra@arkoslight.com>
Reply-To: Robert Sendra <dustiutd12@hotmail.com>
Subject: CNC 39200 // ANÁLISE DO CONTRATO
Attachment: ANÃ LISE DO CONTRATO-pdf.7z (contains "ANÃ LISE DO CONTRATO-pdf.exe")

AgentTesla FTP exfil server:
ftp.kassohome.com.tr:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AutoIT-3.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25906.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 14:41:02 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip de0e59cfa0ab76dc52d4952ee3f5c6fa4cfb78e5455f866cf4cbdc40a20a81f8

(this sample)

AgentTesla

Executable exe 8e340cf377dc2ea5fd299d5d2c6647b30128fb9fa8bcb88e752ae6e3df145233

  
Dropping
MD5 441cc668663793ab04a5a414f31339da
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8e340cf377dc2ea5fd299d5d2c6647b30128fb9fa8bcb88e752ae6e3df145233

Comments