MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d0995b73fd5311428d2ce53386ad75782881c7c5cf37d27226741da9390efe3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1d0995b73fd5311428d2ce53386ad75782881c7c5cf37d27226741da9390efe3
SHA3-384 hash: b815c147342b546d7b45327179332bace287b3a2ac439537d9aa1ce30793cd553acc63c83b896f098969da7c1d8c2a10
SHA1 hash: 08b5c1f7a0ee9a4691538874dfc8dd682d6bdebf
MD5 hash: 421f895f293d3eaa83c09c5cc474eb20
humanhash: wolfram-quebec-november-speaker
File name:SolutionFighting_pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:504'772 bytes
First seen:2020-03-28 12:28:39 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:QP7ZD5GSDnylcQ7gMS8fAvB81+IFAp7ZfglRgJdlf:g7bb+cNMS8fAeFkWlRgJdlf
TLSH 7AB423DFC8585B0D5500243A0CD8DA4FAA76B5F60F356120B3B3EEE4E9769A603E05F9
Reporter abuse_ch
Tags:AgentTesla COVID-19 gz


Avatar
abuse_ch
COVID-19 themed malspam dropping AgentTesla:

HELO: staging.maykenbel.com
Sending IP: 195.12.49.182
From: Johnny Meng <thanh@oriontex.com.cn>
Subject: SOLUTION FIGHTING COVID-19
Attachment: SolutionFighting_pdf.gz (contains SolutionFighting_pdf)

SMTP exfil server:
mail.edifler.xyz

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Sanesecurity.Malware.27383.GZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-28 12:35:20 UTC
AV detection:
30 of 47 (63.83%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=duezlnz72uyrikgszzjtq2wxk6biqhd4ltzx2jzcm5a5ve4q57rq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 1d0995b73fd5311428d2ce53386ad75782881c7c5cf37d27226741da9390efe3

(this sample)

AgentTesla

Executable exe 342cb45a17253c6e1a88c20c3705beabc62c44844285d499f4be6eabf9720034

  
Dropping
MD5 9e3e085834e8b54919f419572eaac146
  
Dropping
SHA256 342cb45a17253c6e1a88c20c3705beabc62c44844285d499f4be6eabf9720034
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 342cb45a17253c6e1a88c20c3705beabc62c44844285d499f4be6eabf9720034

Comments