MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea4c1499489667345c8dc93d18d1333fca529ac0d6ce34bd035124b0157dfeb2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 2

SHA256 hash: ea4c1499489667345c8dc93d18d1333fca529ac0d6ce34bd035124b0157dfeb2
SHA3-384 hash: 7ad3668ea02c9aa8817a8d68498f05890e7eafb0e91fba67b888e18f4e572372877fd3357b585abadaf6a3102456e879
SHA1 hash: 28660e0143c43ce63acec00d4d2874c1e50e80c9
MD5 hash: 95c9249b3abc1f11327416ac9e042bbd
humanhash: oranges-timing-georgia-twelve
File name: PAGO.zip
Signature: AgentTesla
File size: 1'160'195 bytes
First seen: 2020-05-28 06:05:46 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:lEdECj/k08Pu4l9BbF6m2UWO6gXEB36OeID:lEXj/kO4/dcV/gXe6OeID
TLSH: 65353396876DC80CE38652108F337516F683BB2238EB5257F5D4E0214BF5EBEC154AA7
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: s17583606.onlinehome-server.info
Sending IP: 82.165.194.211
From: Pedro Sánchez <info@artmaticeg.com>
Subject: PAGO
Attachment: PAGO.zip (contains "PAGO.exe")

AgentTesla FTP exfil server:
ftp.mse.com.cy:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 21:55:36 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 23 of 48 (47.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla (zip) ea4c1499489667345c8dc93d18d1333fca529ac0d6ce34bd035124b0157dfeb2 (this sample)
    Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment