MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4010212187eb6f468b653fc7bc5714d81c7da6d0d1c73bdcebd271a002b79eaa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4010212187eb6f468b653fc7bc5714d81c7da6d0d1c73bdcebd271a002b79eaa
SHA3-384 hash: 4a207c95e7860320c2b5186acec360c697c20f278c2113405f5810dfeb30450e82e41d98af9c753db5e66e31b049c980
SHA1 hash: 03f320b7dcce7cc86ece129615c450a45789ebbf
MD5 hash: ed738ae9e3b3ecefeba83eb00b2b42ec
humanhash: beryllium-delaware-undress-jersey
File name:Shipment Details.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:534'160 bytes
First seen:2020-05-05 07:45:50 UTC
Last seen:2020-05-06 22:11:18 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:I/GV3UoTQegd3EYl73xzeESQXAm75XPyyq7Q94tyvuXdbifFq:IeVkovgd3Rl73gCAgPA74aK6wFq
TLSH 9CB423977D25AB1F07C7A63881242395AB75BC4FF29320C280EB615EA3DBC9BC361751
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: wisejoyint.com
Sending IP: 103.99.1.174
From: Mikey Tchiu<mikeytchiu@wisejoyint.com>
Subject: INVESTMENT INQUIRY
Attachment: Shipment Details.zip (contains "duk (1).exe")

AgentTesla SMTP exfil server:
mail.hotel71.com.bd:587

Intelligence

File Origin
# of uploads :
10
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.ArtemisFBC8FC31A49A.1593.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 08:36:13 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
18 of 48 (37.50%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=iaiccimh5nxunc3fh7d3yvyu3aoh3jwq2hdtxxhl2jy2aavxt2va._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 4010212187eb6f468b653fc7bc5714d81c7da6d0d1c73bdcebd271a002b79eaa

(this sample)

AgentTesla

Executable exe 6e70926884bf8f8e7800764e8a08ed9656a3bb5efc7e94816967ffb322fde763

  
Dropping
MD5 fbc8fc31a49ac108bd3493cbe4c347b1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6e70926884bf8f8e7800764e8a08ed9656a3bb5efc7e94816967ffb322fde763

Comments