MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33e9b354cc1112fb1311b74bce6db54f33e68719d0c3736804d62b4f00e49687. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 33e9b354cc1112fb1311b74bce6db54f33e68719d0c3736804d62b4f00e49687
SHA3-384 hash: 1c8a2dd81b25d1bff7ffda9aa35aad1693d067370faa4694100d608b252b0a1c1e4e3093b2c6507eba21ce21e4c746b1
SHA1 hash: aff1a9f2fd39912f8b9affe9cabec46ec15ce732
MD5 hash: 5992ee659719d4dc5b987f4cd576b924
humanhash: arkansas-oregon-fifteen-fifteen
File name: payment to new bank account.lip.zip
Signature: AgentTesla
File size: 403'626 bytes
First seen: 2020-06-24 14:28:55 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:rko33bNRKODgzL/QrZyqqvCiEouZLwYVe:Io3LNAODgzL/EZSEocLnM
TLSH: FF842350A559BE470437CB76783268A4C3655DCEDBE3A72298FCC72F66CE8808C4C1B6
Reporter: @abuse_ch
Tags: AgentTesla, zip


Twitter post by @abuse_ch:
Malspam distributing AgentTesla:

HELO: phoenixtextile.com
Sending IP: 209.58.149.66
From: lbenson@phoenixtextile.com
Subject: Payment to new bank account
Attachment: payment to new bank account.lip.zip (contains "payment to new bank account.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 42
Origin country: FR

Mail intelligence
Geo location: IT (Italy), Volume: Low
Geo location: Global, Volume: High

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Skeeyah
Status: Malicious
First seen: 2020-06-24 14:30:08 UTC
AV detection: 21 of 30 (70.00%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam (AgentTesla):
  zip 33e9b354cc1112fb1311b74bce6db54f33e68719d0c3736804d62b4f00e49687 (this sample)
  Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment
