MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 56d170d3522d2f5f227bac9823d3c6a885d96909bb0d2d06c79b53b5e52e9b19. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 56d170d3522d2f5f227bac9823d3c6a885d96909bb0d2d06c79b53b5e52e9b19
SHA3-384 hash: 92429077c1094f97f1c86de1c72dbbce4b9572b085966bceaa1c58e410ae9eac014b2798ed4ab66b4ad9bfd1a543fc2c
SHA1 hash: 1ab42f456e8c5d2d23a073fa628a2ff66008f7a6
MD5 hash: 78a8ac37bc86c439870df250bf8a9b90
humanhash: comet-whiskey-october-whiskey
File name: DETALLES DE SEGUIMIENTO DE FedEx-pdf.7z
Signature: AgentTesla
File size: 1'016'822 bytes
First seen: 2020-06-16 13:52:41 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:VAONHTaaEB82r3kkOPneyUdY5G22GCecxjhJJx:WONzE3glnUtaq3
TLSH: A52533D8B047136EE709225F83C88531B52DA1998F319114BABBBBDC43432EB5625F2F
Reporter: @abuse_ch
Tags: 7z AgentTesla


Twitter (@abuse_ch)
Malspam distributing AgentTesla:

HELO: server.linux61.papaki.gr
Sending IP: 138.201.206.39
From: Kimberley Lin <kimberley.lin@fedex.com>
Reply-To: Kimberley Lin <dustiutd12@hotmail.com>
Subject: NOTIFICACIÓN DE ENTREGA FedEx
Attachment: DETALLES DE SEGUIMIENTO DE FedEx-pdf.7z (contains "DETALLES DE SEGUIMIENTO DE FedEx-pdf.exe")

AgentTesla FTP exfil server:
ftp.kassohome.com.tr:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 29
Origin country: FR

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: Script-AutoIt.Trojan.Injector
Status: Malicious
First seen: 2020-06-16 13:54:05 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  -> AgentTesla
    -> zip 56d170d3522d2f5f227bac9823d3c6a885d96909bb0d2d06c79b53b5e52e9b19 (this sample)
      -> Dropping AgentTesla

Delivery method: Distributed via e-mail attachment

Comments