MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ea6bdd062ad6c04487ff5b24e989376d1a35da3e25da37320960141087bda36. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4ea6bdd062ad6c04487ff5b24e989376d1a35da3e25da37320960141087bda36
SHA3-384 hash: bae137176b1da241e7f32b7bbdc146085ab4a8f9127231063e19377014c22cf38ef25ef069186279b1a209769f265216
SHA1 hash: c4b9cafb01a963c535b0d619af15adea4b2fcb8a
MD5 hash: 7986c943e6135d6fd9d701f0709ef5ca
humanhash: carpet-fifteen-twenty-jersey
File name:PAYMENT ORDER_POR08173.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'280'091 bytes
First seen:2020-05-04 18:00:20 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:gFpFkrLBJsHlfNFdAoBh6d81GXanKW/Axl/TaVc11jmVOYCeYet/aYZ5+0I:gFIrzcXn6u1Gwh/CrawmVOYieQ+M0I
TLSH 4445332960670B2DB026024FB9CE102749A8ED310DFF4A177A919B32D758F975FE93D8
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: s111-ir-cpanel-trade.maindns.net
Sending IP: 185.165.116.18
From: ÖMER SÜLEIMAN <info@altunkaya.com>
Reply-To: account1.altunkaya@gmail.com
Subject: Wire Transfer details for our POR08173
Attachment: PAYMENT ORDER_POR08173.zip (contains "PAYMENT ORDER_POR08173.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Script-AutoIt.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-04 18:36:05 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
29 of 48 (60.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=j2tl3udcvvwaisd76wze5geto3i2gxnd4jo2g4zasyauccd33i3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 4ea6bdd062ad6c04487ff5b24e989376d1a35da3e25da37320960141087bda36

(this sample)

AgentTesla

Executable exe daf85125c5d6321b947f76ed13b2b582dede11879e73a073aa0feb1a9b87eca0

  
Dropping
MD5 3b0a3396dbb752ea388c36fd199e9e46
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 daf85125c5d6321b947f76ed13b2b582dede11879e73a073aa0feb1a9b87eca0

Comments