MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73e957a1aa3cf4bbb325f9772cb7af8af56077c6f690ef7c68b2921a4f6cca05. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 73e957a1aa3cf4bbb325f9772cb7af8af56077c6f690ef7c68b2921a4f6cca05
SHA3-384 hash: 3ae3225a80bcfb830147203720089882ec01e1705bc63514992fa65db65301bc734de06036284cb74c2d65e86ce5083d
SHA1 hash: a47232fa431276851217e003492c1c0b1118b363
MD5 hash: 39e695a9f94c99e84378e5864980f565
humanhash: quebec-oranges-speaker-sad
File name:proforma invoice.ace
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'083'759 bytes
First seen:2020-05-28 08:32:39 UTC
Last seen:Never
File type: ace
MIME type:application/x-rar
ssdeep 24576:noizdBMPa131nNyL5JJ/xcRjj+I7waabziDnTK0T+Rm:noizdBSI1nC5J4mI0JbD0T+w
TLSH 5B353357F393E5FC633D4C3599E2068C3389981B99DEBD889B7C09D1683A2FE94C4492
Reporter abuse_ch
Tags:ace AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: thermocool.co.ug
Sending IP: 70.35.202.75
From: adana <adana@sarten.com.tr>
Reply-To: adana@sarten.com.tr
Subject: Re: Proforma Invoice
Attachment: proforma invoice.ace (contains "proforma invoice.exe")

AgentTesla SMTP exfil server:
mail.tipusurgical.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 08:35:50 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
20 of 48 (41.67%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

ace 73e957a1aa3cf4bbb325f9772cb7af8af56077c6f690ef7c68b2921a4f6cca05

(this sample)

AgentTesla

Executable exe abe31ed969a901ceaf37db8f559cea9f23facc8c37a691777a64a45e24a94307

  
Dropping
MD5 4a6a3c97788e24a098f224db11c16228
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 abe31ed969a901ceaf37db8f559cea9f23facc8c37a691777a64a45e24a94307

Comments