MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eacad6cccfb63ebbd0a4acd665add61cf16b75755e5133ef2726a11c99aa8270. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eacad6cccfb63ebbd0a4acd665add61cf16b75755e5133ef2726a11c99aa8270
SHA3-384 hash: f7e025bad133cd34ff98731295cac5a33e7eea4cd8c6a182f4617a808bfbd51d162d0f053c887c8ceb5af5f87c45b2e2
SHA1 hash: 2d96160d11b569571149d2f3f98924e91f7414ad
MD5 hash: 1fa045413da10f83c7a4118817931f61
humanhash: single-aspen-floor-louisiana
File name:RFQ 20208643578.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'075'152 bytes
First seen:2020-05-13 16:46:25 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:8v6NudOtz0XozPc5L+Bq66seWbj8suwaUtv0VBH4yD2BJ/xc:8irtzDDx6seWHNuzUt6h4rPi
TLSH D435337CD191238872A5A55B442AE9AF7E2224C09BF712233D6DC7C49FEF1B5181B13E
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.sgbcg.com
Sending IP: 113.11.251.241
From: Meyer Wang <parwezasha@gmail.com>
Subject: RFQ
Attachment: RFQ 20208643578.zip (contains "RFQ #20208643578.exe")

AgentTesla SMTP exfil server:
protectorfiresafety.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25093.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 16:09:47 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
7 of 48 (14.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5lfnntgpwy7lxufevtlgllowdtyww5lvlzith3zhe2qrzgnkqjya._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip eacad6cccfb63ebbd0a4acd665add61cf16b75755e5133ef2726a11c99aa8270

(this sample)

AgentTesla

Executable exe a4acf9d1c576b9463cad3c69b280750a03530a12c3f020cdffdafffc2c2be808

  
Dropping
MD5 1972c4227a9da6e8adb2df4f5952306f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a4acf9d1c576b9463cad3c69b280750a03530a12c3f020cdffdafffc2c2be808

Comments