MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 13f21c563d321e14c5e1addec5ce99b78ad834ccaa57e0f2f4a1f36e276b65aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 13f21c563d321e14c5e1addec5ce99b78ad834ccaa57e0f2f4a1f36e276b65aa
SHA3-384 hash: 8752d34c8f1e73f184429d065fbdf95f4f52e7805908ed4b060cd7d9bc64c8258fb0ce2e4311db974be5dd8589ea5d9e
SHA1 hash: cc4090ad520bde51f0fb991cf06c84f0a7735fe1
MD5 hash: f5c75ee4da834b376d8dc071c6638967
humanhash: pennsylvania-king-finch-football
File name:36637738827729929.pdf.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:386'598 bytes
First seen:2020-05-25 08:38:08 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:B80CENeg1Vc6k+uaflhZC+r0nOyHU7fnx8rXf4D939WXxaYg54nTTsmGR7DqEGTY:TCENh4+f/aO7fSDm9a44TTxImxEEjvw
TLSH 61842312DD171C1416688A199F4093B0FE9C99624BBB5F6F6EBF10E9E6DD0E3300D5B2
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: insulation-materials.cn
Sending IP: 62.210.77.107
From: Accountant<ravi@insulation-materials.cn>
Subject: FW:Re:Re:Re:P/I
Attachment: 36637738827729929.pdf.zip (contains "36637738827729929pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.299.32262.27742.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 09:36:04 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
25 of 48 (52.08%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 13f21c563d321e14c5e1addec5ce99b78ad834ccaa57e0f2f4a1f36e276b65aa

(this sample)

AgentTesla

Executable exe ec78c34e01a21e7580d8c987e8e74930389f6178646875a9ea44f415a5ebf33c

  
Dropping
MD5 870f7a938312eaf7d643902e069db3ce
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ec78c34e01a21e7580d8c987e8e74930389f6178646875a9ea44f415a5ebf33c

Comments