MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 400fc1821e06cae6b5f2523b8e2888f3b8e9ed31a24a98aa91529ed91e42c85f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 400fc1821e06cae6b5f2523b8e2888f3b8e9ed31a24a98aa91529ed91e42c85f
SHA3-384 hash: 107677fd414dbdbdbcc4df2b81ac3ae9ceaff249ef117a7ab8c93f94fed9083ec16f2f5012db91222744d9b841f473f6
SHA1 hash: 379c21e82421ea4af27ee88b67ba8d6d4e28429b
MD5 hash: ede98ef1119c8bc9692f0601a5607b33
humanhash: east-whiskey-grey-freddie
File name:NEW P O.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'072'415 bytes
First seen:2020-06-08 06:32:21 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:jc51V24i1FXM42snSeMYo1gbjGN8kamCG+HT9O70fzL9K3tN:wDVzyy45tLjGSnGYT9OAfo3tN
TLSH E13533185116ADA00C70F65128FD77DB3E9AC3090A74299F5A6FBFADCE850CB3955332
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 1asalldirect.com
Sending IP: 103.99.1.147
From: kenny<kenny@1asalldirect.com>
Subject: RE: Urgent Request For Qoutation(RFQ_#20200219)  
Attachment: NEW P O.zip (contains "NEW P O.exe")

AgentTesla SMTP exfil server:
mail.parshavayealborz.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27681.XorExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 04:43:31 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=iah4daq6a3fonnpski5y4kei6o4ot3jrujfjrkurkkpnshsczbpq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 400fc1821e06cae6b5f2523b8e2888f3b8e9ed31a24a98aa91529ed91e42c85f

(this sample)

AgentTesla

Executable exe 4f21fe22b347c9fbc2fa166100c28c4a718b7b9c64783abc75fe8da75d525248

  
Dropping
MD5 2d6dcaebb17bca2b0df166a83bee07cc
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4f21fe22b347c9fbc2fa166100c28c4a718b7b9c64783abc75fe8da75d525248

Comments