MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 633eba5099f667eab8022baaa6f96f5ac3b113a78bf169cdcc8d1611871e6fc1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 633eba5099f667eab8022baaa6f96f5ac3b113a78bf169cdcc8d1611871e6fc1
SHA3-384 hash: 42bf095557c954706c254d6aad9668a912dca535ba9a39d8da71a7cb635978fcba92a44c6677365cdd570e65678b9688
SHA1 hash: 75f87eb25cdf666cc7f3c754db1d13ab6a56dfd8
MD5 hash: 0376cd0934319f7e36613bd1b56ee6a5
humanhash: golf-fruit-blue-kilo
File name:ACCOMMODATION DETAILS.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'325'456 bytes
First seen:2020-05-04 21:43:37 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:5ffYmBsBFXD4Lkw+3+XZbJfSCQh4uaL6I3sgYpVmhA3AvNl93JI1NPq/GvigUED/:5LaZ4owlbZGg6I3sgYpVmhA3AvNl98Pj
TLSH 7155333B446535F5B94AA92E6F9A142BC024C58CFDD446DC399CB367A4A22DCF30CB39
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: co.comboserv.live
Sending IP: 45.95.171.143
From: Caroline Nakityo <caroline.nakiyo@giz.com>
Subject: BANK DEPOSIT SLIP FOR ACCOMMODATION
Attachment: ACCOMMODATION DETAILS.zip (contains "ACCOMMODATION DETAILS.exe")

AgentTesla SMTP exfil server:
smtp.erkonsentre.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Script-AutoIt.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-04 22:36:34 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mm7luuez6zt6voacfovkn6lpllb3ce5hrpywttomrulbdby6n7aq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 633eba5099f667eab8022baaa6f96f5ac3b113a78bf169cdcc8d1611871e6fc1

(this sample)

AgentTesla

Executable exe 37c32187fad44edbcaf9d24aef9644dde61ffd09bee98790a3a01951b5d96cbd

  
Dropping
MD5 0352b250f203dcec73b3c06fb9cae7b9
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 37c32187fad44edbcaf9d24aef9644dde61ffd09bee98790a3a01951b5d96cbd

Comments