MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 350e9aa2c8bff3fda8e2392a2a7d9bfb2695863eb9843098e46a89b86a9adf0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 350e9aa2c8bff3fda8e2392a2a7d9bfb2695863eb9843098e46a89b86a9adf0e
SHA3-384 hash: 8af45fe2c17f68f11edec884d3b8de6390c798353dca23dbe4b55ba7f01bc91a6cb9b8b9e73689a59e35d230a0f11d6c
SHA1 hash: 8366302e5e8f7db559577f0937637b1900968e44
MD5 hash: ce89a6609df42e6c8a8b455047caf30d
humanhash: lion-jupiter-north-north
File name:campioni di prodotti.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'438'226 bytes
First seen:2020-05-01 14:15:11 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:VRk3RPXxRIbm9sjjpD9DoqqVz8lfrgO2ooV2ECpgD90BaclowKD87aM2P5:jkhPXfWmGnDaU8dJCiDpjlgGME5
TLSH EC6533EE4F7DAB4B0D296101B381947E5383873327A518C82766C0ADD66764C7EB8ECD
Reporter abuse_ch
Tags:AgentTesla geo ITA zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.netsiter.com
Sending IP: 176.223.124.73
From: ilenia <ilenia.nardolillo@escoglobal.com>
Subject: RE: richiesta
Attachment: campioni di prodotti.zip (contains "campioni di prodotti.exe")

AgentTesla SMTP exfil server:
send.one.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Ramnit-1849
Create hunting rule

Win.Trojan.Ramnit-1847
Create hunting rule

SecuriteInfo.com.Trojan.PWS.Stealer.19347.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Virus.Ramnit
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 14:36:01 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
38 of 48 (79.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=guhjviwix7z73khchevcu7m37mtjlbr6xgcdbghenke3q2u234ha._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 350e9aa2c8bff3fda8e2392a2a7d9bfb2695863eb9843098e46a89b86a9adf0e

(this sample)

AgentTesla

Executable exe 182b0c57f42b1dce3fd1f38350494d60c8e5bf94bb0aa11bd8136c358b404e9d

  
Dropping
MD5 e1e457fa2be9988f886815338282c97f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 182b0c57f42b1dce3fd1f38350494d60c8e5bf94bb0aa11bd8136c358b404e9d

Comments