MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 124f0c1aefbc7f5f795b5624e57a2ae2e8c6317c785f103b0b7474da0b75d913. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 124f0c1aefbc7f5f795b5624e57a2ae2e8c6317c785f103b0b7474da0b75d913
SHA3-384 hash: 4aba1f32014774e80a0e35ca5c2b21314a26bd05fbf6c79bac0e2b9b892aa87bf5f6bd21431650911ac7d2cf2da15de4
SHA1 hash: 05f98a4caaa871eb57bad6c3e72b8edfbc146c95
MD5 hash: 07cd41e9f6e532654851ffc198bb642e
humanhash: east-april-kansas-ink
File name: eInvoicing_pdf.gz
Signature: AgentTesla
File size: 229'481 bytes
First seen: 2020-06-30 12:02:43 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:LF643LejOuiNX52OC1ihRO6jBRhGdUVKS3j:Lv+p1gE6Rh73j
TLSH: BE2422B4A373B0BC33BF448451AE6A9352821C24C676B9687CB1A17741CB9453BCFD6E
Reporter: @abuse_ch
Tags: AgentTesla gz TNT


Twitter (@abuse_ch):
Malspam distributing AgentTesla:

HELO: paymontly.servers.prgn.misp.co.uk
Sending IP: 185.20.50.76
From: eInvoicing <tntsupport.admin@tnt.com>
Subject: TNT Express eInvoice notification: 09004105 - Account: 00022259
Attachment: eInvoicing_pdf.gz (contains "eInvoicing_pdf.exe")

AgentTesla SMTP exfil server:
mail.flood-protection.org:587

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 23
Origin country: US
ClamAV: Sanesecurity.Malware.27383.GZipHeur.UNOFFICIAL
CERT.PL MWDB Detection: n/a
Link: https://mwdb.cert.pl/sample/124f0c1aefbc7f5f795b5624e57a2ae2e8c6317c785f103b0b7474da0b75d913/
ReversingLabs: Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Ursu
First seen: 2020-06-30 12:04:06 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
    gz 124f0c1aefbc7f5f795b5624e57a2ae2e8c6317c785f103b0b7474da0b75d913 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
