MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 21f56dba52df5bc34161508d011c9105d583ae9e9afd50ed2569969a9f8956a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 21f56dba52df5bc34161508d011c9105d583ae9e9afd50ed2569969a9f8956a7
SHA3-384 hash: 7f252ad253f4741ed71165e15c414966b44137dd5078f48fd03f4f31cd0e3b0e219dc0c7638d363ad47e8bf688aa505b
SHA1 hash: 98d13d911c6e5dafffd876bf2b74fa2523e98b0e
MD5 hash: 7f12e2b00b8a5e1a389292964d1d750a
humanhash: black-lactose-romeo-oregon
File name:PAGO.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'341'813 bytes
First seen:2020-05-04 21:45:52 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:F+9VEg5BZwq/ZHTuZ70n0zvgooGAP1XL0qXWlnQaaJ3Od2vvQfmc5bgebtBRWrm2:FALPwq9TuZgCg1YqCRoedovQfmm5bfRq
TLSH B755334AF8E2D57EAFFFD506F6180B6AED74D23B6324860A7CC6D1D990903B45F26012
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: s17583606.onlinehome-server.info
Sending IP: 82.165.194.211
From: Pablo Casado <info@artmaticeg.com>
Subject: COPIA DE PAGO
Attachment: PAGO.zip (contains "PAGO.exe")

AgentTesla FTP exfil server:
ftp.mse.com.cy:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-04 21:53:49 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=eh2w3oss35n4gqlbkcgqcheraxkyhlu6tl6vb3jfngljvh4jk2tq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 21f56dba52df5bc34161508d011c9105d583ae9e9afd50ed2569969a9f8956a7

(this sample)

AgentTesla

Executable exe 1b8967747fc03efc0867c491b18e3f3be0b35b9c068499ae3d35f6e860f6ec7d

  
Dropping
MD5 4be5b3384f2eeb9722f3287f24bb7cd2
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1b8967747fc03efc0867c491b18e3f3be0b35b9c068499ae3d35f6e860f6ec7d

Comments