MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e487efb2fabaf1e5b9479e7689765ef5fa6908195a0437974b22aa26253d6215. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: e487efb2fabaf1e5b9479e7689765ef5fa6908195a0437974b22aa26253d6215
SHA3-384 hash: 71b35f98febafbaa90aba4fd5e616d504343b7320b1f4ac5d287e4cb6a3a8b94261e006d9aef16420be2fdc2e61830b1
SHA1 hash: c83844b9832c81098c84f5b77fe8de58c4d05093
MD5 hash: d82af71e78fd2dfe9ecb917f901219f9
humanhash: jig-fanta-london-mike
File name: Term and Conditions 4.zip
Signature: AgentTesla
File size: 541'731 bytes
First seen: 2020-06-29 05:58:42 UTC
Last seen: 2020-06-29 11:03:52 UTC
File type: zip
MIME type: application/zip
ssdeep: 12288:knKIpMJxnKVkQuGZF9bAmfH9BJ/fMnlhCsnfCFmAbIG6QSD8SV:sKF1ikPsFRHHtfMlhCsnfCEIdvaT
TLSH: BBB42315C170FE66B66B4094558549B823FE293392BFE36F1062DE103CDFCACEA59817
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: drawtex.com
Sending IP: 103.99.1.159
From: info<info@drawtex.com>
Subject: INVESTMENT INQUIRIES
Attachment: Term and Conditions 4.zip (contains "opoooooo.exe")

AgentTesla SMTP exfil server:
mail.aneeqllc.com:587

Intelligence

File Origin
# of uploads: 4
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-29 03:38:25 UTC
AV detection: 20 of 28 (71.43%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
AgentTesla
zip e487efb2fabaf1e5b9479e7689765ef5fa6908195a0437974b22aa26253d6215 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments