MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2143e0aec246f899c07647a87f757add230325e6bc2967ad72eddb4e10ad90c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f2143e0aec246f899c07647a87f757add230325e6bc2967ad72eddb4e10ad90c
SHA3-384 hash: b44c9a0494580a1ddeca351489cf7a3e06b9365cc46d34fda9d45629fcacb2fb14e18f5d50ad693bc0a80d5f2ddbbd46
SHA1 hash: fde71515880c585a9cfc9e34813e872167eff9dc
MD5 hash: b83c8868102c2f2e6ab9f2dcc344221f
humanhash: yankee-avocado-snake-pennsylvania
File name:Invoice09080000pdf.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:361'881 bytes
First seen:2020-05-05 07:48:27 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:rNDRGsipP38fuNytdg0wIwFx1wdNRay2wNSzyulLVJLZd39HEd0zq6gMUz:r5Lief5dwIwarY2AVJz39kd0z9gNz
TLSH 887423270AEA35305771936931C2F3E4A7C7EA853DB3D65CC4398E9A2677FD010BA168
Reporter abuse_ch
Tags:AgentTesla geo THA z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mono.avnam.net
Sending IP: 190.210.186.210
From: SON DAR ELECTRONIC TECHNOLOGY CO., LTD. <sales@sondar.com.tw>
Reply-To: sales@sondar.com.tw
Subject: ใบแจ้ง\x0aหนี้ / PO-909000
Attachment: Invoice09080000pdf.z (contains "Invoice09080000pdf.exe")

AgentTesla SMTP exfil server:
smtp.ionos.mx:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.LuheFihaB.32392.19162.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.21103.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Crysan
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 10:09:06 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6ikd4cxmerxythahmr5ip52xvxjdams6npbjm6wxf3o3jyik3ega._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip f2143e0aec246f899c07647a87f757add230325e6bc2967ad72eddb4e10ad90c

(this sample)

AgentTesla

Executable exe a95bb180b0d9bb5f2a3b7974f8170fb18b6979a46cacfa352d769eccf428ebdf

  
Dropping
MD5 067d54aa6365b5989cbf6101f7e123fc
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a95bb180b0d9bb5f2a3b7974f8170fb18b6979a46cacfa352d769eccf428ebdf

Comments