MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05affa4fbef31b515333e166ad083425a71edf897745f52547eebacf070caace. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 05affa4fbef31b515333e166ad083425a71edf897745f52547eebacf070caace
SHA3-384 hash: ed8993b95bb0525cf467229d3af9e585708e97250c3d10b1bce4860562b356514831ed9d2c8e899027f0b7d707f51544
SHA1 hash: f68d444454dadb90f193eb35df7cd1ceef022c40
MD5 hash: eb2a0f0df24f0ed20126bcb86291f82d
humanhash: blue-georgia-august-princess
File name: PO copy.pdf.z
Signature: AgentTesla
File size: 400'707 bytes
First seen: 2020-05-14 05:51:57 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 12288:tQl73JZ32HH1oflhcT4cVvq31u0qJ2qBS:t2f3aerc7Cu0Yi
TLSH: 878423CFBAA4B070B3F5D795A7F070E5C7924037644A9E90A128138AB5EC4152BE4FED
Reporter: abuse_ch
Tags: AgentTesla z


abuse_ch
Malspam distributing AgentTesla:

HELO: yandex.ru
Sending IP: 95.211.208.58
From: Export Department<ac.general@yandex.ru>
Subject: Urgent Request for Invoice
Attachment: PO copy.pdf.z (contains "PO copy.pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-14 08:17:17 UTC
File Type: Binary (Archive)
Extracted files: 320
AV detection: 18 of 31 (58.06%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    z 05affa4fbef31b515333e166ad083425a71edf897745f52547eebacf070caace (this sample)
      Dropping AgentTesla

Delivery method: Distributed via e-mail attachment
