MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23
SHA3-384 hash: caf924ae576307a244c15690d7cb39f695fef044ddc38b69b46c48bc57c33d35766af1801deac1760e2cf25908af0a9a
SHA1 hash: a9b9437f2a3408d7d7b7e2eb3cf3740f7806cecf
MD5 hash: de469fdf2dea2262671309d613c8ac4c
humanhash: table-october-video-pizza
File name: be45bf7f251ecc68fc1210b927aa7453.exe
Signature: AgentTesla
File size: 297'472 bytes
First seen: 2020-04-02 13:35:19 UTC
Last seen: 2020-04-06 13:05:09 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:fgYLudz42rixRoFLXp+0qCka4P/tWm0QYTA+bKcoGT7:ohB4lQrItWm0BdoGT7
TLSH: F754397D2B88B902F73D493289D5266026F1D4934E22CB0F6EC55BED7E527CA2C4A385
Reporter: @abuse_ch
Tags: AgentTesla exe GuLoader


Twitter (@abuse_ch): Payload dropped by GuLoader from the following URL:
https://drive.google.com/uc?export=download&id=1CLCbjFy3aoGBl07CLV-M4GdEGw7Io-ns

Intelligence


Mail intelligence: No data
# of uploads: 3
# of downloads: 32
Origin country: US
ClamAV: Win.Malware.AgentTesla-7426372-1, Win.Malware.AgentTesla-7660762-0
CERT.PL MWDB: Gathering data
ReversingLabs: Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Autorun
First seen: 2020-04-02 14:35:26 UTC
AV detection: 27 of 31 (87.10%)
Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
MD5 9476fb8b61f96d60d0921f6bd2b826f7
  
Dropped by
GuLoader
  
Dropped by
SHA256 afdb3acddc897f0f5e73d5c722eab77cbb2a2e06ba83299992dd3cadb62d6c61

Comments

abuse.ch commented on 2020-04-02 15:33:52 UTC

COVID-19 themed malspam distributing GuLoader->AgentTesla:

HELO: ns392991.ip-176-31-110.eu
Sending IP: 176.31.110.7
From: Dr. Kim Jung <info@hardworkingincs.pro>
Subject: Latest vaccine release for Corona-virus(COVID-19)
Attachment: COVID-19_040220.rar (contains "COVID-19_040220.exe")

GuLoader payload URL (AgentTesla):
https://drive.google.com/uc?export=download&id=1CLCbjFy3aoGBl07CLV-M4GdEGw7Io-ns

AgentTesla SMTP exfil server:
mail.asesoriaurquijo.net:587 (31.193.225.102)
