MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 03bf59c174e62abae470d88fd7d876d2d0d899ba1e66a2cfc9188d1dee2c07b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 03bf59c174e62abae470d88fd7d876d2d0d899ba1e66a2cfc9188d1dee2c07b5
SHA3-384 hash: 338af8e2534c778ef2a073c1a39df9f3fe065bf5b84b9363619db65ae8391783e6abbe4c21f2229c7e243f6b6c6dd993
SHA1 hash: facefc73936b66d20d3b711c9d50f23536dfeb65
MD5 hash: 0e0dcdcea64b26cfc3f2f9a37a826324
humanhash: chicken-item-emma-delaware
File name:MOA INVOICE_10121345.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'033'416 bytes
First seen:2020-06-10 12:45:19 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:+nqfhI3wW7AMT/JFeg+QbwrElR/dsQFtumCp+H7SQICPt:+n4Iw8PJQgVbwrghuouQIE
TLSH 1025334628740B5526CC938B938EB8DF3B82B985917C817284F29C89F497C56B87BFD4
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: pdlc34160.ciberserver.com
Sending IP: 176.221.34.160
From: ROBERTO GARCIA <administracion@construccionesmy.com>
Subject: MOA INVOICE TO LAST ORIGIN AND FINAL CERTIFICATION
Attachment: MOA INVOICE_10121345.zip (contains "MOA INVOICE_10121345.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.AitInject
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 12:47:04 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ao7vtqlu4yvlvzdq3ch5pwdw2linrgn2dztkft6jdcgr33rma62q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 03bf59c174e62abae470d88fd7d876d2d0d899ba1e66a2cfc9188d1dee2c07b5

(this sample)

AgentTesla

Executable exe 543f935852d249ad9f5e15796a366bec0c560a6fb4d0980525a030029f31a220

  
Dropping
MD5 26e4021e090e38b78648998ede7a1cea
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 543f935852d249ad9f5e15796a366bec0c560a6fb4d0980525a030029f31a220

Comments