MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 391943e0960ae0db515dd318e80bc15ab6b0829a8d962e34cca2702905bd4be0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 4

SHA256 hash: 391943e0960ae0db515dd318e80bc15ab6b0829a8d962e34cca2702905bd4be0
SHA3-384 hash: 7bbd236d48ca387b4d1df76bcd80135b34dba5ba1997ea66c3f8ac2fc3007a27a67ce3a65910ca520b6a66d4a229cbd7
SHA1 hash: cf36807137e4f224b2d79108858c9fc14254a937
MD5 hash: b4c59112e41ad39a57dea234bc155e2b
humanhash: ceiling-salami-carbon-ceiling
File name: FedExi JÄLGIMISANDMED-pdf.7z (Estonian: "FedEx TRACKING DATA-pdf.7z")
Signature: AgentTesla
File size: 500'468 bytes
First seen: 2021-02-11 10:08:24 UTC
Last seen: Never
File type: zip (the .7z extension in the file name does not match the detected container format)
MIME type: application/zip
ssdeep: 12288:QzJWmXTM8nCuG7rUv48SfC0q08mS33Jal66B7o70sN:Zmo8nFGMwxfxq0bSps6mo71
TLSH: 40B423F645814ED1B22E244CD41FA9FF6B09A393192BADEEEC6A37A4CCC53C14815A1C
Reporter: abuse_ch
Tags: 7z AgentTesla EST FedEx geo


abuse_ch
Malspam distributing AgentTesla:

HELO: serv1.qis.fr
Sending IP: 87.106.15.143
From: Marta Slowinska (FedEx) <marta.slowinska.osv@fedex.com>
Reply-To: Marta Slowinska (FedEx) <baeutyslondon@yahoo.com>
Subject: FedExi TARNIMISTEADE (Estonian: "FedEx DELIVERY NOTICE")
Attachment: FedExi JÄLGIMISANDMED-pdf.7z (Estonian: "FedEx TRACKING DATA-pdf.7z"; contains "FedExi JÄLGIMISANDMED-pdf.exe")
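
The delivery chain described in the comment above (a fedex.com From address paired with a yahoo.com Reply-To, an attachment named .7z that the database classifies as a zip, and an .exe inside whose name ends in "-pdf") is the kind of thing a mail-triage script can flag before anyone opens the archive. The Python below is an added example and is not MalwareBazaar or abuse.ch code. The message and the archive it analyses are constructed in memory from the header lines in the comment, so it runs offline; the digests it prints are therefore of the constructed archive, not of the sample on this page. The magic-byte table, the executable-extension list, the "document hint" list used to spot double extensions and the wording of the findings are this example's own choices.

```python
"""Triage of an AgentTesla-style malspam message: mismatched Reply-To, an
archive whose real format differs from its name, and a disguised executable.

Added example, not MalwareBazaar or abuse.ch tooling. The e-mail and archive
are constructed in memory from the header lines in abuse_ch's comment.
"""
import hashlib
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr

# File names taken from the comment; the archive contents are constructed.
ARCHIVE_NAME = "FedExi JÄLGIMISANDMED-pdf.7z"
INNER_NAME = "FedExi JÄLGIMISANDMED-pdf.exe"

# Magic bytes for the containers worth telling apart here (example's own table).
CONTAINER_MAGIC = {
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"Rar!\x1a\x07": "rar",
}
EXEC_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}
DOC_HINTS = ("pdf", "doc", "docx", "xls", "xlsx", "invoice")


def build_sample_archive() -> bytes:
    """Constructed attachment: a zip (as the database classified the real
    one) holding a fake PE stub with a '-pdf.exe' double extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo(INNER_NAME, date_time=(2021, 2, 11, 10, 8, 24))
        info.compress_type = zipfile.ZIP_DEFLATED
        zf.writestr(info, b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 200)
    return buf.getvalue()


def build_sample_email(attachment: bytes) -> bytes:
    """Constructed message reusing the From/Reply-To/Subject from the comment."""
    msg = EmailMessage()
    msg["From"] = '"Marta Slowinska (FedEx)" <marta.slowinska.osv@fedex.com>'
    msg["Reply-To"] = '"Marta Slowinska (FedEx)" <baeutyslondon@yahoo.com>'
    msg["Subject"] = "FedExi TARNIMISTEADE"
    msg.set_content("Constructed body: please see the attached tracking data.")
    msg.add_attachment(attachment, maintype="application",
                       subtype="x-7z-compressed", filename=ARCHIVE_NAME)
    return msg.as_bytes()


def container_type(data: bytes) -> str:
    """Identify the archive by its leading bytes, not by its file name."""
    for magic, name in CONTAINER_MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def file_hashes(data: bytes) -> dict:
    """The digests MalwareBazaar lists for a sample (humanhash aside)."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha3_384")}


def _domain(header_value) -> str:
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def triage_email(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and return the facts a triage analyst wants first."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_dom, reply_dom = _domain(msg["From"]), _domain(msg["Reply-To"])
    findings = []
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    attachments = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "<unnamed>"
        kind = container_type(data)
        ext = name.rpartition(".")[2].lower()
        entry = {"name": name, "container": kind, "hashes": file_hashes(data), "members": []}
        if kind != "unknown" and ext != kind:
            findings.append(f"{name!r} has .{ext} extension but {kind} magic bytes")
        if kind == "zip":  # listing a real 7z would need a third-party module such as py7zr
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                entry["members"] = zf.namelist()
        for member in entry["members"]:
            stem, _, mext = member.rpartition(".")
            if mext.lower() in EXEC_EXT:
                findings.append(f"archive member {member!r} is executable")
                # "-pdf.exe": a document hint glued to the stem so the name passes for a PDF
                norm = stem.lower().replace("-", ".").replace("_", ".").replace(" ", ".")
                if norm.endswith(tuple("." + h for h in DOC_HINTS)):
                    findings.append(f"archive member {member!r} carries a double extension")
        attachments.append(entry)
    return {"from_domain": from_dom, "reply_to_domain": reply_dom,
            "attachments": attachments, "findings": findings}


if __name__ == "__main__":
    report = triage_email(build_sample_email(build_sample_archive()))
    for finding in report["findings"]:
        print("-", finding)
    for att in report["attachments"]:
        print(att["name"], att["container"], att["hashes"]["sha256"])
```

Run against the constructed message, the script reports all four indicators from the comment: the Reply-To/From domain split, the .7z name on a zip container, an executable member, and the "-pdf" double extension. Identifying the container from magic bytes rather than the extension is what keeps the first archive check honest; a gateway that trusts the file name would log this as a 7z it cannot open and move on.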

Intelligence


File Origin
# of uploads: 1
# of downloads: 111
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-12 04:16:41 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    zip 391943e0960ae0db515dd318e80bc15ab6b0829a8d962e34cca2702905bd4be0 (this sample)
      Dropping AgentTesla

Delivery method: Distributed via e-mail attachment

Comments