MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c9b550115681c37f855c27858af8b16331f98c008d2e385fbbc77e266cea2fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c9b550115681c37f855c27858af8b16331f98c008d2e385fbbc77e266cea2fa
SHA3-384 hash: 957314e49dafcfcd4dc3312b51708e2e7106b68cb9e41f01609632b49ef2643ab2cfa2f8ff017e1ed694bbe6df825786
SHA1 hash: c96b34d43e387d2816c3cda080efa948c5b74d29
MD5 hash: 8b5d078938cabd3c460292b150fc4e80
humanhash: sierra-louisiana-six-carpet
File name:6u87657956454788order8976866.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:382'392 bytes
First seen:2020-10-23 11:35:35 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:gGLE+48HXcapTAq2l/vkINyssoUX37bCcf8IIUgSDbpY8ueCW4/A2NQIoixaV:xLP4Ac8vivJNysfK7ufbADbO8uep4/n8
TLSH B984239E40F9800CC82E8A6EBCE825D8D304C1754624C857B136FA5BE8E57AD7BB1B57
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ko
Sending IP: 185.236.231.232
From: Root User <root@localhost>
Subject: PO# 564578697887 deliver before 30th December
Attachment: 6u87657956454788order8976866.zip (contains "6u87657956454788order8976866.exe")

AgentTesla SMTP exfil server:
mail.fetichalga.com:587

AgentTesla SMTP exfil email address:
ko@fetichalga.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.19901.19392.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5c9b550115681c37f855c27858af8b16331f98c008d2e385fbbc77e266cea2fa/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lsnvkaivnaodp6cvyj4frl4lcyzr7ggabdjohbp3xr36ezwoul5a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5c9b550115681c37f855c27858af8b16331f98c008d2e385fbbc77e266cea2fa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 5c9b550115681c37f855c27858af8b16331f98c008d2e385fbbc77e266cea2fa

(this sample)

AgentTesla

Executable exe 4585051dc6b7393255db1838a6ced5e5005da977ea7be332cc6540bcfe0379fc

  
Dropping
MD5 cec34286d1e252676fb44565ddb14663
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4585051dc6b7393255db1838a6ced5e5005da977ea7be332cc6540bcfe0379fc

Comments