MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eafa91cf83acf7fcf297cef3ac8eba2ce292933e6c9c6f57c355ed5c79b10d2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eafa91cf83acf7fcf297cef3ac8eba2ce292933e6c9c6f57c355ed5c79b10d2f
SHA3-384 hash: c1ee489e9d18dc29ca27b1843d2d5089820acc63906ad9c333a85e22ca6f9db8383ba46b004784fa64014901c01799fe
SHA1 hash: baea7108c24d57228709f0c5f9f7dfd06a739914
MD5 hash: 80daf39cedba7a6f414125e4e176bdf9
humanhash: jig-vermont-beryllium-sodium
File name:COVID-19 Prevention.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'212'317 bytes
First seen:2020-04-15 11:50:23 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:fgxyMFw6cNzvMjMhWfL7kEQWYIXLUbsziQscWujdotxwt:fg/wWIQvQWYCLUbCitujdotU
TLSH 4A4533FA9754E1811A478F02B8E9A77AF60741B503CEC1414F8C0092BBE7AF75DA4A37
Reporter abuse_ch
Tags:AgentTesla COVID-19 zip


Avatar
abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: rpnk-qz2s.accessdomain.com
Sending IP: 64.207.178.14
From: Covid-19 Sanidad <newsletter@health.com>
Subject: COVID-19 Prevention and guidelines
Attachment: COVID-19 Prevention.zip (contains "COVID-19 Prevention.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.BehavesLike.Win32.Generic.vh.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Script-AutoIt.Trojan.Aitinject
Create hunting rule
Status:
Malicious
First seen:
2020-04-15 12:35:27 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
29 of 45 (64.44%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5l5jdt4dvt37z4uxz3z2zdv2ftrjfez6nsog6v6dkxwvy6nrbuxq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip eafa91cf83acf7fcf297cef3ac8eba2ce292933e6c9c6f57c355ed5c79b10d2f

(this sample)

AgentTesla

Executable exe eb3d9d8c05443250dee20263c5ef307488815184b70bc97316ef4d8d4a26b74c

  
Dropping
MD5 b7e1c3bfa275e752555c475e8d160bd1
  
Dropping
SHA256 eb3d9d8c05443250dee20263c5ef307488815184b70bc97316ef4d8d4a26b74c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 eb3d9d8c05443250dee20263c5ef307488815184b70bc97316ef4d8d4a26b74c

Comments