MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 90b6a73c829a060af416d82d5c82773928077d4f05ed95080e6da64148bf0675. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 90b6a73c829a060af416d82d5c82773928077d4f05ed95080e6da64148bf0675
SHA3-384 hash: e80ba79e5888a6e978b43ef2d3c28418294d52be5bbc125b450178acdf922db8ffb931e6d08ce373718209665d45d03e
SHA1 hash: c44ef62a98e5a3f2e39c6b72d40f6cb427b0b04b
MD5 hash: cb13df63bbc9255a683738d551b515f8
humanhash: oven-may-item-ack
File name:Statement Account - MAY 2020-pdf.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:481'799 bytes
First seen:2020-06-02 10:31:31 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:i/bAf4Bt5JJb4dSsnDBbGaQMXdncjOOBk/kroo:SbAAt+dSsDJzQmdncHBk/k5
TLSH 16A423278497E1D47FA1786324505FEE498D25E4A0DF222AF9AF339303127A76359C3E
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: clicklife.clicklifeuae.ae
Sending IP: 64.64.4.134
From: Annie <annie@shimoda.com.my>
Subject: Statement Account - MAY 2020
Attachment: Statement Account - MAY 2020-pdf.zip (contains "Statement Account - MAY 2020-pdf.exe")

AgentTesla SMTP exfil server:
mail.hitechnocrats.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Sanesecurity.Malware.25906.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 10:37:12 UTC
AV detection:
28 of 48 (58.33%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sc3kopectidav5aw3awvzatxheuao7kpaxwzkcaonwtecsf7az2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 90b6a73c829a060af416d82d5c82773928077d4f05ed95080e6da64148bf0675

(this sample)

AgentTesla

Executable exe d146eb20c0c3745f4e74267f468a4fc870c1639b48bdd634d10f82856e7b59e9

  
Dropping
MD5 fbb290fd8d65ca723cf81a9f9ed20c02
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d146eb20c0c3745f4e74267f468a4fc870c1639b48bdd634d10f82856e7b59e9

Comments