MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 335301dd68f7161ccb471bbfd8ce6dd5fac1291fb2f2c8273c5f19fd029bf11b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 335301dd68f7161ccb471bbfd8ce6dd5fac1291fb2f2c8273c5f19fd029bf11b
SHA3-384 hash: 1c4112e50cc970b0ad9b0918d65aaa0ff447291bb6094b23ff85804a85411c344851031680ed3c8cc6b098edc9480544
SHA1 hash: 7cf06bbade767970b673a599c94d8411a9c704d7
MD5 hash: 62437b217d753f4f7181bb57534ed9b9
humanhash: cold-massachusetts-ohio-white
File name:090922209000.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:538'189 bytes
First seen:2020-04-29 19:35:26 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:n/cuD+9c7G59Pr1cYaE6O69jbwwkAiQln1zAGTGQ7:n/9qPr1Ja3O4Plnl9CQ7
TLSH 0FB42363B6AA714A9DC3849B758358D476342FF12F4CD0BAD68246CFCFA61B44A4CEC1
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mono.avnam.net
Sending IP: 190.210.186.210
From: Sales <sales@valveandfitting.com.au>
Reply-To: sales@valveandfitting.com.au
Subject: Request invoice clarification
Attachment: 090922209000.z (contains "090922209000.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 04:41:54 UTC
File Type:
Binary (Archive)
Extracted files:
41
AV detection:
25 of 48 (52.08%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gnjqdxli64lbzs2hdo75rttn2x5mcki7wlzmqjz4l4m72au36enq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 335301dd68f7161ccb471bbfd8ce6dd5fac1291fb2f2c8273c5f19fd029bf11b

(this sample)

AgentTesla

Executable exe 207d485dc8d7045b026b48f749be81e72b1cecc209a92809639df496b63eddd3

  
Dropping
MD5 56ded7c8d7ace70e1246acea37bf6a82
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 207d485dc8d7045b026b48f749be81e72b1cecc209a92809639df496b63eddd3

Comments