MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee1a657be2965e73e4e73ac9213d15f9cde1fddc1e1dc525c83c980513a5e2e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: ee1a657be2965e73e4e73ac9213d15f9cde1fddc1e1dc525c83c980513a5e2e8
SHA3-384 hash: 38d2a2030a9186e0818b4d7c39313235500f832855f43cb9b13914f2ae86f1efa778fa93b0be488a0bba6744f114ffa6
SHA1 hash: a0a74109cb90adf5d1146a8d8daa048953df1cd1
MD5 hash: 3746ccd4b03dd9fc34458443bab653b2
humanhash: princess-ack-video-stream
File name: COVID 19 Info_pdf.gz
Signature: AgentTesla
File size: 467'242 bytes
First seen: 2020-04-20 15:02:25 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:Y2lFTrOgFCMiZagy4HyYnXKxGldrhCX4oN:YmNFfgBytgvCXNN
TLSH: 51A4230549650D278BBDB43B22D98AD5790694C79136F21630FA0AFC28EB7B6C7BDC43
Reporter: abuse_ch
Tags: AgentTesla COVID-19 gz


abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: aurora.scorchplus.co.uk
Sending IP: 95.131.65.73
From: Mr. Samean Sok meth <mdc05@dynamic.com.kh>
Subject: COVID 19- SOLUTIONS
Attachment: COVID 19 Info_pdf.gz (contains "COVID 19 Info_pdf.exe")

AgentTesla SMTP exfil server:
mail.flood-protection.org:587 (85.187.154.178)

AgentTesla SMTP exfil email address:
scott@flood-protection.org

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-04-20 15:35:29 UTC
File Type: Binary (Archive)
Extracted files: 14
AV detection: 27 of 48 (56.25%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
  gz ee1a657be2965e73e4e73ac9213d15f9cde1fddc1e1dc525c83c980513a5e2e8 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments