MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 288b69902c6820914bdbe5a05e5b924c7cc4a4a87ee4d2bda929b1977707d704. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 288b69902c6820914bdbe5a05e5b924c7cc4a4a87ee4d2bda929b1977707d704
SHA3-384 hash: 27fec620120aafd8fba430b714f0be39b81d115e20565322634115a81685507fa261dca8afae435108e9a9e174e04984
SHA1 hash: f5c7a5db53a5c882109ed933438e01881ec951c7
MD5 hash: 9c9de019e870c1f37070258f14f9fbc2
humanhash: pip-autumn-failed-angel
File name:file.pdf.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'076'574 bytes
First seen:2020-06-08 06:08:07 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:UZVkg5BZxQ5320J5fCDL6r++8m/N5leFXdzTIpxG7fZbopOL7:UZnPdUwQM0leFtfIK7fpopOL7
TLSH 3B3533FFD030DA871429B586D9829990FECD5B55C69E6FFBA738D80BC73D24CA015A20
Reporter abuse_ch
Tags:7z AgentTesla geo GRC


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 2019.modoweb.es
Sending IP: 185.37.227.24
From: El Haddad Mohamed <Mohamed.ElHaddad@hlag.com>
Reply-To: El Haddad Mohamed <dustiutd12@hotmail.com>
Subject: ΕΠΙΒΕΒΑΙΩΣΗ ΠΛΗΡΩΜΗΣ
Attachment: file.pdf.7z (contains "file.pdf.exe")

AgentTesla FTP exfil server:
ftp.kassohome.com.tr:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25906.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Script-AutoIt.Trojan.AitInject
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 06:10:06 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fcfwtebmnaqjcs634wqf4w4sjr6mjjfip3snfpnjfgyzo5yh24ca._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 288b69902c6820914bdbe5a05e5b924c7cc4a4a87ee4d2bda929b1977707d704

(this sample)

AgentTesla

Executable exe 3700c06246cb6d52031534a03edc005e202a26cd016cc0ab13582ff6f6df5bda

  
Dropping
MD5 84185d99222ed98edd6d4eafa09350f6
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3700c06246cb6d52031534a03edc005e202a26cd016cc0ab13582ff6f6df5bda

Comments