MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e6697deb5eb8b114fb3c776911ae153cdaf835b3ea853ab6f0a2099eb8b0c51d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: e6697deb5eb8b114fb3c776911ae153cdaf835b3ea853ab6f0a2099eb8b0c51d
SHA3-384 hash: 7900782281de1ba1c8791814a80173fb967c59cf1e7b180f03e4b9e446f4f33c5695afbf5dbf69d96886e5a4cdcee655
SHA1 hash: f243cf9bb93b0786ddd6f6aec96ba522c28f3a56
MD5 hash: d7835da43f21198030f7bd9d63e5e156
humanhash: harry-freddie-five-beryllium
File name: covid 19 vasine.gz
Signature: AgentTesla
File size: 396'655 bytes
First seen: 2020-04-02 18:46:27 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 6144:XxH+2Y3QbNy0xZOlm14KV43a7GKjQVE7AzFtbmoRjew7rm1TO6h23Op5JU:XxKd03BdGCNsEsGoRjvqj23uc
TLSH: 98842383D347196DA2AAFBB55CDA863D42CD09C25D5FE46446373BDEFFAC0603989028
Reporter: abuse_ch
Tags: AgentTesla COVID-19 gz


abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: marathon.dnssw.net
Sending IP: 81.25.112.50
From: diapa@diapasl.com
Subject: Covid-19: We are still open
Attachment: covid 19 vasine.gz (contains "23455432_pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Agensla
Status: Malicious
First seen: 2020-04-02 19:35:45 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 18 of 47 (38.30%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz e6697deb5eb8b114fb3c776911ae153cdaf835b3ea853ab6f0a2099eb8b0c51d (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
