MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a1fb58e2b9bb647ad3db475134b3bb55927dbd1b91be49063f9805f3e050d11. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 6a1fb58e2b9bb647ad3db475134b3bb55927dbd1b91be49063f9805f3e050d11
SHA3-384 hash: 7ca3c267b2672a94f7045c88389e1c38b3354062c4d9c38e003a4504c0dd20887065541d8041fca4676d51619736d3c4
SHA1 hash: c1d228d6ffb179d49ffb0c1c018ac7d03f19ed7b
MD5 hash: 0aee7f6d6ef3a529a83ebf404efd1a5a
humanhash: avocado-may-ohio-illinois
File name: 1090800000.CAB
Signature: AgentTesla
File size: 433'309 bytes
First seen: 2020-04-29 17:46:18 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:qu41zZ2tvkwfQ7UEiCcOQ/yd1J/Me6NfwbERg0KU/cg337rT8kk:qug9Evk5DzcOQ/yjdMOEwU/cWrT8kk
TLSH: 6594234785EC2EE73CA5D4EBDB151D24FC0EF3C85B09E69E105A628DA38BC7A044B587
Reporter: abuse_ch
Tags: AgentTesla cab geo THA


abuse_ch
Malspam distributing AgentTesla:

HELO: mono.avnam.net
Sending IP: 190.210.186.210
From: Mandy-chen <mandy-chen@alpha-plus.com.tw>
Reply-To: mandy-chen@alpha-plus.com.tw
Subject: ชี้แจง\x0aใบแจ้งห\x0aนี้
Attachment: 1090800000.CAB (contains "090800000.exe")

AgentTesla payload URL:
https://paste.ee/r/JeFGE

AgentTesla SMTP exfil server:
smtp.ionos.mx:587 (74.208.5.8)

AgentTesla SMTP exfil email address:
lety@solar-pro.mx

Intelligence


File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Rdn
Status: Malicious
First seen: 2020-04-29 18:36:00 UTC
File Type: Binary (Archive)
Extracted files: 23
AV detection: 22 of 48 (45.83%)
Threat level: 2/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    zip 6a1fb58e2b9bb647ad3db475134b3bb55927dbd1b91be49063f9805f3e050d11 (this sample)
      Dropping AgentTesla

Delivery method: Distributed via e-mail attachment

Comments