MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f3c7b23af4d44c13bcf46e7f17cfc3f35e1c2c7f4d83c04e6d4c3e12c3459546. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: f3c7b23af4d44c13bcf46e7f17cfc3f35e1c2c7f4d83c04e6d4c3e12c3459546
SHA3-384 hash: 783ded20ab8ab43378846c16444bcf55cb429f167456fb37d5a3c13fd97978af2ffb2b5a6bdf225ae5a7b45a61d8151b
SHA1 hash: fe619780a5e6a8782d693168b9f6e6956e1e0ffc
MD5 hash: 2c0428cfb1239037d51f3e338503a188
humanhash: seventeen-pluto-fruit-hamper
File name: Звесткі пра адсочванне FedEx-pdf.7z
Signature: AgentTesla
File size: 1'000'357 bytes
First seen: 2020-06-10 10:29:45 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:EnEqTNaqMai5TK2ev677Ux8PD5PtGQQrWSMHEcaBX:EnENq0eBx8PFP9QySMHEcad
TLSH: 7325338F8C68861F14DAD5BFC437DACB1DF4B428DF664866CC408A40FDE527A59A8783
Reporter: abuse_ch
Tags: 7z AgentTesla BLR geo


abuse_ch
Malspam distributing AgentTesla:

HELO: linux1187.grserver.gr
Sending IP: 95.216.14.228
From: Marta Slowinska (FedEx) <marta.slowinska.osv@fedex.com>
Reply-To: Marta Slowinska (FedEx) <dustiutd12@hotmail.com>
Subject: Апавяшчэнне аб дастаўцы FedEx
Attachment: Звесткі пра адсочванне FedEx-pdf.7z (contains "Звесткі пра адсочванне FedEx-pdf.exe")

AgentTesla FTP exfil server:
ftp.kassohome.com.tr:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.AitInject
Status: Malicious
First seen: 2020-06-10 09:57:00 UTC
AV detection: 21 of 48 (43.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip f3c7b23af4d44c13bcf46e7f17cfc3f35e1c2c7f4d83c04e6d4c3e12c3459546

(this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
