MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f5ba380953345439bbdfb42f63f8965dbbf991e41213d7ad3ceb4e23ef78ecab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f5ba380953345439bbdfb42f63f8965dbbf991e41213d7ad3ceb4e23ef78ecab
SHA3-384 hash: d826dbd27abc25093100f60fd3ef43700a1d344a99b9be1be09849fd1baeaaa69391f80311cf790f6a77e715761f3d3b
SHA1 hash: c34c162becbb6cee7e93a45d2e595e435247036f
MD5 hash: 915e7100f86357266c2b37db1ce77e4f
humanhash: lactose-pip-four-jig
File name:Purchase_Order_111982111.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:522'258 bytes
First seen:2020-05-12 09:13:47 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:Np8LwRVuNz96GIV9q4fYAIKHtJIWYtzTNGLkluBI2DxvD/bfk:b8p/4cKHQWYtNOklud9D/bM
TLSH 54B4232FE6240F40037A2D1A6662EF151E790B1167FD502BEB5AE276F1273818CC7DAD
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.macartajans.com
Sending IP: 89.252.130.69
From: Ma Yun <admin@akmascowll.com>
Reply-To: Ma Yun <info@info.com>
Subject: Urgent Order -111982111
Attachment: Purchase_Order_111982111.zip (contains "Purchase_Order_111982111.exe")

AgentTesla SMTP exfil server:
mail.acroative.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.BehavesLike.Win32.Fareit.cc.21246.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.22205.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Loki
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 08:07:34 UTC
File Type:
Binary (Archive)
Extracted files:
265
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6w5dqcktgrkdto67wqxwh6ewlw57tepecij5plj45nhch33y5svq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip f5ba380953345439bbdfb42f63f8965dbbf991e41213d7ad3ceb4e23ef78ecab

(this sample)

AgentTesla

Executable exe 2fcc3c49cbacd359f308ab59cbafdec24f95d4b638bf9c2fd5dd466379dac3aa

  
Dropping
MD5 070dc07c464b01a1f7bb9b3561ab5df1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2fcc3c49cbacd359f308ab59cbafdec24f95d4b638bf9c2fd5dd466379dac3aa

Comments