MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ea032bae589090e2cfb344953ab9adc4eac2338dd36dd329ac65047f9cfe2ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3

SHA256 hash: 5ea032bae589090e2cfb344953ab9adc4eac2338dd36dd329ac65047f9cfe2ab
SHA3-384 hash: 2a36c19203c854d66d895c53c0fb6dec8b783aecdc69aab1f0d9b355c16f644bb2b98722f1fce27cb7c7cb0cb566e024
SHA1 hash: 628d65df49175ff072109de03489b0ed41e77521
MD5 hash: 0c83527be6a5b5fdd5135ce770d445a7
humanhash: butter-berlin-yellow-don
File name: AWB, P.LIST, INV082020.zip
Signature: AgentTesla
File size: 530'113 bytes
First seen: 2020-10-27 08:57:42 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:1HEerb9QypLnI5a3FkVgPq3l3iK2k9S53oB03s:1kerbKwPagysPk9+c
TLSH: 2AB423A5D72B0BBCA444D8CC1CBD2C06C326F6245A2B2BCFD9FD75CA5ABD12541EE442
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing unidentified malware:

HELO: vps.nestorhosting.in
Sending IP: 209.42.195.232
From: Import & Export Co., Ltd <Emily@jiasun.com.cn>
Reply-To: info@saapec.com
Subject: Re: AW: AW: AW: Shipping Documents – Packing List & Commercial Invoice
Attachment: AWB, P.LIST, INV082020.zip (contains "AWB, P.LIST, INV#082020.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Ursu
Status: Malicious
First seen: 2020-10-26 21:45:40 UTC
AV detection: 10 of 48 (20.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam | AgentTesla | zip 5ea032bae589090e2cfb344953ab9adc4eac2338dd36dd329ac65047f9cfe2ab (this sample)

Delivery method: Distributed via e-mail attachment

Comments