MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a1afe8b252ade095a258fbb70f020fbc2a7cb709defa19459f1df4bcae137113. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a1afe8b252ade095a258fbb70f020fbc2a7cb709defa19459f1df4bcae137113
SHA3-384 hash: c1a619f8cd88d67f1155d1bc3d075b9bc54e3b37945572668b15f5ec6c3b9664129d42462caad27b080f516aab05e713
SHA1 hash: f683d6b2932e7a0b5dfa8207d9952dc4f1c1534c
MD5 hash: b871df3517e5b728752743d371a5eafd
humanhash: thirteen-arizona-mockingbird-beryllium
File name:New order.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:745'556 bytes
First seen:2021-01-08 08:40:46 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:rwFhYw4KE+HzTsRB/tv4R7VIIAsUwgaSDq6aKstAbL6v7wKOIDI6w1bhsaiWXtX7:rAhFHbHzgTmoIAsT3S7MAXM26w1aAV
TLSH C1F42329BE647BEDEDAD825F23E6A16A54383271F94B10CCFB780FA5650F093CC5150A
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.todo-vision.com.ar
Sending IP: 190.106.132.202
From: john fitzgerald <flavio@todovision.info>
Subject: MMD ORDER
Attachment: New order.zip (contains "New order.exe")

AgentTesla SMTP exfil server:
smtp.seznam.cz:587

AgenTesla SMTP exfil email address:
cynthiabec@seznam.cz

Intelligence

File Origin
# of uploads :
1
# of downloads :
160
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.21106.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a1afe8b252ade095a258fbb70f020fbc2a7cb709defa19459f1df4bcae137113/
Threat name:
Win32.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2021-01-08 08:41:05 UTC
AV detection:
11 of 45 (24.44%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ugx6rmssvxqjlisy7o3q6aqpxqvhznyj335bsrm7dx2lzlqtoejq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a1afe8b252ade095a258fbb70f020fbc2a7cb709defa19459f1df4bcae137113

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip a1afe8b252ade095a258fbb70f020fbc2a7cb709defa19459f1df4bcae137113

(this sample)

AgentTesla

Executable exe 988a03626122f51e9c3c63ffd4639c00fda40c1d5261872e5026e2a375ec61e2

  
Dropping
MD5 7774e472e344fb1efed09385215be440
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 988a03626122f51e9c3c63ffd4639c00fda40c1d5261872e5026e2a375ec61e2

Comments