MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3556a1c054ce1da8a314ccce0cff9077dd26165f20a40d9e0826eaa06f0c6e7d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3556a1c054ce1da8a314ccce0cff9077dd26165f20a40d9e0826eaa06f0c6e7d
SHA3-384 hash: a44e8f74409bfb6ff8cc957d53139e0646a99811c676687700e65e5046190461695f1a9a974c8c284d3e9a7c9730041b
SHA1 hash: ff913e55d9867ceddb8b8e97620f4d9c5ce1ef7e
MD5 hash: 57d4d8d81fdf372b24596dc5711389f9
humanhash: crazy-october-orange-berlin
File name:GEA_1911006900.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:996'806 bytes
First seen:2020-06-10 06:58:19 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:9hotLLNQGgoGMDYev67h51g/Q6sNiyh+UZfzod5WRY3JfuzYUxdQo:gLmoRYeuXg/wh+URuZ67Qo
TLSH A825333CD77C299F179A238FC9B54D75A8A0A88FA79CF26F2EC159D906070751CC482E
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: pdlc34160.ciberserver.com
Sending IP: 176.221.34.160
From: Miss. Marie Palmero <opr6.ae@absaco.com>
Subject: DELIVERY ORDER
Attachment: GEA_1911006900.zip (contains "GEA_1911006900.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.AitInject
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 07:00:06 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gvlkdqcuzyo2riyuzthaz74qo7osmfs7ecsa3hqie3vka3ymnz6q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 3556a1c054ce1da8a314ccce0cff9077dd26165f20a40d9e0826eaa06f0c6e7d

(this sample)

AgentTesla

Executable exe 1d08ccd9e353e6684b90cef223afd58b740d0b391381c03636b56da17f44e6b9

  
Dropping
MD5 c00fb2fb180772aa27fe98845e7b8cc0
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1d08ccd9e353e6684b90cef223afd58b740d0b391381c03636b56da17f44e6b9

Comments