MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04ebdb1c87142bbdcd851649108ae0ae181a29e8077dc75178a76980b99f7eae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 04ebdb1c87142bbdcd851649108ae0ae181a29e8077dc75178a76980b99f7eae
SHA3-384 hash: b7ea49249349ac52977243b19587e2c597d81e6db6687ce405bfa057ee8d57a679fb2827665659c97e9e3c1a9ad31c08
SHA1 hash: 317827e66a2286139baa7f59eb16d196ab655b83
MD5 hash: b3231a85aa353b05b1aeb03555dfe8e1
humanhash: crazy-seventeen-dakota-saturn
File name:doc 20200519__009400100011.XLS.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'643'270 bytes
First seen:2020-05-20 11:39:54 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 49152:GqEvOXOL9czAwG/sCpfb4nl92zLv30fASSt:6vSs3f5Uk3v30fd2
TLSH 867533B27A7FD52250951F3CAC63CCE12055A0E3ACE7E95D6C3A57C0D3668E9218CB1B
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: smtp.ostec-qroup.ru
Sending IP: 104.168.253.210
From: 陈文涛 <sales26@china-ilife.com>
Subject: 询价
Attachment: doc 20200519__009400100011.XLS.z (contains "doc 20200519__009400100011.XLS.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 10:49:43 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=atv5whehcqv33tmfczerbcxavymbukpia564oulyu5uybom7p2xa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 04ebdb1c87142bbdcd851649108ae0ae181a29e8077dc75178a76980b99f7eae

(this sample)

AgentTesla

Executable exe de622bb40c40601211ae4e0e1100f6e3e76f1563a1ac774bb231ad6b8bf45db6

  
Dropping
MD5 567e3692cb3054b1eda9e2b97d273c12
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 de622bb40c40601211ae4e0e1100f6e3e76f1563a1ac774bb231ad6b8bf45db6

Comments