MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed5b480e6a34639fe8404e3a5d24372d6d6ba3ca1153fb19ab249c688b29623e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ed5b480e6a34639fe8404e3a5d24372d6d6ba3ca1153fb19ab249c688b29623e
SHA3-384 hash: 580442a574079ed259de150a45830f6c2fd6224b1bd29b18c56b17ecb9ad57ba5657d154d338762ba0abcea7cc2ddef4
SHA1 hash: 26a75e0143fb49036a7dd2c085f08653626e7dee
MD5 hash: 65809f8f4bceb16d64f7a0623f620f43
humanhash: gee-salami-south-maryland
File name:attachments.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'819'110 bytes
First seen:2020-05-06 09:38:35 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 49152:pKV3FEo/8y6nyrJm+dHFVmV82dqmOabJYY9liI:eqo07V+3Vc8eSpYf
TLSH 398533E2D82D7EDD2117D5796FE1D2C6E83535A29FC8481142FB60238821FFB4A8F295
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: paiho.cn
Sending IP: 103.89.89.197
From: icole <icole@paiho.cn>
Subject: New Order and Outstanding Payment Slip Copy
Attachment: attachments.zip (contains "attachments.exe")

AgentTesla SMTP exfil server:
smtp.ph1cool.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Aitinject
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 09:56:45 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5vnuqdtkgrrz72cajy5f2jbxfvwwxi6kcfj7wgnlesogrczjmi7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip ed5b480e6a34639fe8404e3a5d24372d6d6ba3ca1153fb19ab249c688b29623e

(this sample)

AgentTesla

Executable exe 01aad6e3d5eaf5e4e177fbb2ff8c48214b2fad16e12aad163de371602be40103

  
Dropping
MD5 654d5191a2aad96fce5a931cd7a060b5
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 01aad6e3d5eaf5e4e177fbb2ff8c48214b2fad16e12aad163de371602be40103

Comments