MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51b918759280d73918b5c95201c8c19aeafde675d21f83afc27adec232674254. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 51b918759280d73918b5c95201c8c19aeafde675d21f83afc27adec232674254
SHA3-384 hash: 0659a72633319256ecdf7afa0d23573e64a9e858c381fc11c6dc3703e958f3e52ffba674cbe954d3192081d3f1a45a09
SHA1 hash: f5a01264a692558789ea34f1a85e6eeaa1fbfa90
MD5 hash: 6357f3a2d2b5de029bed3bc2b1cc6c8b
humanhash: lima-one-ink-uniform
File name:Covid-19-UPDATE-9000986666.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:619'051 bytes
First seen:2020-03-27 08:15:03 UTC
Last seen:2020-03-27 09:13:37 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:sdnqLw/Q3yJqerFMxGX+sMFPaM+NdPugP12yDpT2U93c5:sdeiyxk+sMFSDPNPoysu3w
TLSH 38D423A53C41B112AE04DF1FDBA6AEFA791CDF406D81BFB397063148992F318A911F91
Reporter abuse_ch
Tags:AgentTesla COVID-19 zip


Avatar
abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: who.int
Sending IP: 194.180.224.65
From: "WHO Representative" <galleag@who.int>
Subject: COVID-19 UPDATE !! MUST READ!!!
Attachment: Covid-19-UPDATE-9000986666.zip (contains Covid-19-UPDATE-9000986666.exe)

Intelligence

File Origin
# of uploads :
2
# of downloads :
96
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-27 05:51:48 UTC
File Type:
Binary (Archive)
Extracted files:
59
AV detection:
31 of 47 (65.96%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kg4rq5msqdltsgfvzfjadsgbtlvp3ztv2ipyhl6cplpmemthijka._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 51b918759280d73918b5c95201c8c19aeafde675d21f83afc27adec232674254

(this sample)

AgentTesla

Executable exe c94d487888c8ca1365ca24c759333f11589c4a744f5174292c961bba808ee7a1

  
Dropping
MD5 4f4e9e293ddcbedc2bafb7c043e06c86
  
Dropping
SHA256 c94d487888c8ca1365ca24c759333f11589c4a744f5174292c961bba808ee7a1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
X
https://twitter.com/abuse_ch/status/1243453567731740672
  
Dropping
SHA256 c94d487888c8ca1365ca24c759333f11589c4a744f5174292c961bba808ee7a1

Comments