MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f11cb17b9fabf7f07003b5ba779a28285369a13120dcfe25345d0e4eec7bbcca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f11cb17b9fabf7f07003b5ba779a28285369a13120dcfe25345d0e4eec7bbcca
SHA3-384 hash: 6af71674f20b3aa5ce0d037212d3de80efc42333857f2bedcf9988ff6fdc4b022a8f0b26490e316deb5096875c7b064a
SHA1 hash: 39c711c8df02932a93015a6a197b2b202ac92f56
MD5 hash: 06e70432dfd2bcf805c62302b533dbab
humanhash: berlin-monkey-mississippi-six
File name:PO20201.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'233'920 bytes
First seen:2020-06-06 10:16:24 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:e536ufhePNLIHpsYXF/r9wf/d6HLJOuCSfKPI8DGl:e5Lf0tK+Y1/rmHGsuCSfHK4
TLSH B94533979AE87326999DCA6881B03DF080412CC14C49AB40FF3C8B6E95B4DD3DEB95D7
Reporter abuse_ch
Tags:AgentTesla geo TUR zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.edicoes-religiosas.com
Sending IP: 78.46.77.226
From: Uğur Öven <siparis@lojimax.com.tr>
Reply-To: siparis@lojimax.com.tr
Subject: New Order
Attachment: PO20201.zip (contains "PO20201.exe")

AgentTesla SMTP exfil server:
mail.durainteriordesign.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27681.XorExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.AitInject
Create hunting rule
Status:
Malicious
First seen:
2020-06-06 10:18:06 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6eolc647vp37a4adww5hpgrifbjwtijredop4jjuluhe53d3xtfa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip f11cb17b9fabf7f07003b5ba779a28285369a13120dcfe25345d0e4eec7bbcca

(this sample)

AgentTesla

Executable exe ef198e1bc193d5b0e033b27059f10e3ae7a5b696f2157bda94d765cc353d6952

  
Dropping
MD5 144ef7cef25ba3310000ddb81ec5192c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ef198e1bc193d5b0e033b27059f10e3ae7a5b696f2157bda94d765cc353d6952

Comments