MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 780a8cf7171c23c879dde8030d58c669790b3a822efae5fcc5562401b7be63af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 780a8cf7171c23c879dde8030d58c669790b3a822efae5fcc5562401b7be63af
SHA3-384 hash: 62449d865e3e326ed73af6d936f6437b83f914a398baab847e1d231ff24b6ba31de198002d0576dd08db2e8875b9c27e
SHA1 hash: 1fb7da2f7fcae2d9c4e84012a50b9a4926a4bec0
MD5 hash: e00fa00fc5995a9339cc352f98582bcc
humanhash: utah-quebec-april-kitten
File name:Covid-19 Immunity Diet Tips.pdf.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:729'400 bytes
First seen:2020-03-30 11:14:18 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:6rqAdnKPacucqJ1kBZw+7Nt01p3+M86SEL4o5OPLKajDv2GEW/m7NJsHbpBRUIap:AxFcqkvIp3+QlUo5OTVEWyJUbbRUIap
TLSH 95F423BA299C717C0FD3F2BA4AE760D9278F5658A64C7F2854C45B80607C7F93D0A319
Reporter abuse_ch
Tags:AgentTesla COVID-19 zip


Avatar
abuse_ch
COVID-19 malspam campaign distributing AgentTesla:

HELO: siemens.com
Sending IP: 209.58.149.66
From: World Health Organization <contact@siemens.com>
Subject: Covid19 Latest Tips to stay Immune to Virus !!
Attachment: Covid-19 Immunity Diet Tips.pdf.zip (contains "Covid-19 Immunity Diet Tips.pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587 (77.88.21.158)

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.MSILPerseus.215132.11711.468.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25518.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-03-30 08:29:02 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
27 of 47 (57.45%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pafiz5yxdqr4q6o55abq2wggnf4qwoucf35ol7gfkysadn56moxq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 780a8cf7171c23c879dde8030d58c669790b3a822efae5fcc5562401b7be63af

(this sample)

AgentTesla

Executable exe 1a7fe9f45a80c2dae0237cc9aada201d3fa5eca08bfbc297e48f22faa35f131e

  
Dropping
MD5 d4adb1669e3998404a5428059d1cbe2a
  
Dropping
SHA256 1a7fe9f45a80c2dae0237cc9aada201d3fa5eca08bfbc297e48f22faa35f131e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1a7fe9f45a80c2dae0237cc9aada201d3fa5eca08bfbc297e48f22faa35f131e

Comments