MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ecc38f7892e0fbb0c612f27d246e00070db4ffa68dfa1658ab914df14ab59f97. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ecc38f7892e0fbb0c612f27d246e00070db4ffa68dfa1658ab914df14ab59f97
SHA3-384 hash: 71d85fd38a045d7ced01fa7cb7d9e6523f90d585afceb213baf2aae769d646db8a2b7d2d1c57e49661b29d8168965a6f
SHA1 hash: f0b3320a3285c600590a5e4e8b59506d06dcbb16
MD5 hash: 5a8803e6c512411ce4316103fb54f592
humanhash: triple-black-tango-kilo
File name:PO1000020.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:361'662 bytes
First seen:2020-07-10 07:04:46 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:3YiIPfJv32y1wdKisouK2Bw7kIS43xKsB4H34dkZS/aIzxJudPI+djVTZ3WaYJnB:Ii6Bvp13isob2GAISojo34SyaexMdA+C
TLSH 557423D2CB35A9C4CBE561A8CD2417624F9E5B63552F7AB30BCCA3D9160A519C3C2F2C
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: slot0.bbuchikel.xyz
Sending IP: 94.177.12.125
From: new@news4luck.xyz
Subject: Purchase Unite
Attachment: PO1000020.zip (contains "eT0lW0QCYnBFalV.exe")

AgentTesla SMTP exfil server:
smtp.malkocbebe.com:587

AgentTesla SMTP exfil email address:
info@malkocbebe.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.ENZE.7690.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ecc38f7892e0fbb0c612f27d246e00070db4ffa68dfa1658ab914df14ab59f97/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-10 07:06:06 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5tby66es4d53brqs6j6si3qaa4g3j75grx5bmwflsfg7csvvt6lq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip ecc38f7892e0fbb0c612f27d246e00070db4ffa68dfa1658ab914df14ab59f97

(this sample)

AgentTesla

Executable exe 38227a2fa957e10490fc1413d7d46c5aabfbf40285f487cb1f6a79cba9373c57

  
Dropping
MD5 19e9e700fdbb719235551348fbbced20
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 38227a2fa957e10490fc1413d7d46c5aabfbf40285f487cb1f6a79cba9373c57

Comments