MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0fa01fb0c558a7999809f02fc1806196501430b1d3c54251ae3f3af4a532953b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0fa01fb0c558a7999809f02fc1806196501430b1d3c54251ae3f3af4a532953b
SHA3-384 hash: 1eef70bdaf93f50217517fd8120b50e064fd0e1caa81091ee678f394f1661bb93656c442f49cf7fb5c2d455225b95b99
SHA1 hash: 52f927d8d236d5c25d5c8526e68c975922754939
MD5 hash: 9f4a4801fd9029e71924b30e91748ea0
humanhash: oklahoma-wisconsin-saturn-iowa
File name:SWIFT DOC _679388 TT 190617_2019-NLCIV000003576_ES146009_30309679.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:525'037 bytes
First seen:2020-06-07 07:41:35 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:CxVpHeTCuuas2pU7NQXP0KaCn0f8pZXU9NL4i8mYg3EB:evQ6as2upQXPB90f0E9gbD
TLSH B9B423E11AB1FF8D14668A79A8096D409EC74985388C42EB6C87F4E39F736C7D3621C9
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: lasfragancias.com
Sending IP: 200.110.77.218
From: vakifleasing <marketinghenkel@lasfragancias.com>
Subject: AW: swift
Attachment: SWIFT DOC _679388 TT 190617_2019-NLCIV000003576_ES146009_30309679.z (contains "SWIFT DOC _679388 TT 190617_2019-NLCIV000003576_ES146009_30309679.exe")

AgentTesla FTP exfil server:
ftp.connectus-trade.net:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Cil
Create hunting rule
Status:
Suspicious
First seen:
2020-06-07 07:43:04 UTC
AV detection:
3 of 48 (6.25%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=b6qb7mgflctztgaj6ax4dadbszibimfr2pcueunoh45pjjjssu5q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 0fa01fb0c558a7999809f02fc1806196501430b1d3c54251ae3f3af4a532953b

(this sample)

AgentTesla

Executable exe ab1a433953a0fc6ef7159d5eec3d6fa8cc97fff695cd51ab9a5bb9aef4e857f8

  
Dropping
MD5 256b58fb7dd3bb1e36833d133c7ba419
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ab1a433953a0fc6ef7159d5eec3d6fa8cc97fff695cd51ab9a5bb9aef4e857f8

Comments