MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e98a8bbedb25f92722e66d9fc230e34d5c33a302476b30d95215aa8b02915129. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e98a8bbedb25f92722e66d9fc230e34d5c33a302476b30d95215aa8b02915129
SHA3-384 hash: 550f9713f41a6f222b17638d4a6fb5ce9a70e6ff211cdcc4a641f20e2e9757b470ade3ad7c3b90a861bf93695a629a6d
SHA1 hash: 1f48a17fbab12d83476737f6b74f6940b17d0c81
MD5 hash: 6bc97c7496f79a37decfee74105c7a89
humanhash: lamp-jig-asparagus-mississippi
File name:World Health Licence Details.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:379'253 bytes
First seen:2020-04-06 10:07:00 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:GgPSV0nQU6sq52Z2Wablj9Yakb/cHUnVeRA5IrpgBO04/fk1156H4S4nLuPgasCV:LO7WaBwb/m9a58rT/fk1ddC2Zg
TLSH AA842311A7F81F54227A534BE8644200ECA21FB6D349FCF568392690578BBF0FA5BCE1
Reporter abuse_ch
Tags:AgentTesla COVID-19 zip


Avatar
abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: newexhib.com
Sending IP: 103.114.104.96
From: Health Alert brings COVID-19<newexhib@newexhib.com>
Subject: WHO Health Alert brings COVID-19 facts For All Business Owners
Attachment: World Health Licence Details.zip (contains "World Health Licence Details.exe")

AgentTesla SMTP exfil server:
mail.emailsrvr.com:587 (173.203.187.14)

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33614599.25567.1216.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-06 09:52:32 UTC
File Type:
Binary (Archive)
Extracted files:
22
AV detection:
22 of 47 (46.81%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5gfixpw3ex4soixgnwp4emhdjvodhiyci5vtbwkscwviwaurkeuq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip e98a8bbedb25f92722e66d9fc230e34d5c33a302476b30d95215aa8b02915129

(this sample)

AgentTesla

Executable exe b2039b0fadc93d87682989cd23067c9b049f2520c49722006e2340e3236a9918

  
Dropping
MD5 e9970d8ba143698da56ac95a41c00171
  
Dropping
SHA256 b2039b0fadc93d87682989cd23067c9b049f2520c49722006e2340e3236a9918
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b2039b0fadc93d87682989cd23067c9b049f2520c49722006e2340e3236a9918

Comments