MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a5db9cf6ea589d7d0c04cfac8fdbb2a31c152d4b19a2ef9f27db54f20b3f721d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: a5db9cf6ea589d7d0c04cfac8fdbb2a31c152d4b19a2ef9f27db54f20b3f721d
SHA3-384 hash: 30e03fd51757fb1d733e2e403687cba387a84a3fb49a56331066c896f9116c797651b4bcd6ffd63d3b9467d11622cdf4
SHA1 hash: 37e394ecc1316db47f94bba3c26727d23f4a1aa9
MD5 hash: c27bb241ebc0e21a1eaf9824b017c517
humanhash: fish-cup-one-alabama
File name: Shipping Documents.gz
Signature: AgentTesla
File size: 474'332 bytes
First seen: 2020-08-18 06:28:11 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 6144:aG6wQNJO8MtURBWUV2ZZSzsGgP7P4LJTXUf1fXgvxCGxH94BySpiukEiIl6QD/9O:0wQNJarSsGgP+dYXAlu8SpioH59jIFum
TLSH: 9CA423AA1A82386EBD39A1F99E01F1052B7A16ADDB3F8F4DE3D55E1C1D446F8C142C70
Reporter: abuse_ch
Tags: AgentTesla gz


abuse_ch
Malspam distributing AgentTesla:

HELO: oecgroup.com.cn
Sending IP: 45.137.22.118
From: coco.szn <coco.szn@oecgroup.com.cn>
Subject: Re: AW: AW: Invoice and Shipping Documents
Attachment: Shipping Documents.gz (contains "Shipping Documents.exe")

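The delivery chain abuse_ch reports above (a .gz attachment wrapping "Shipping Documents.exe"), together with this entry listing a file type of gz beside a MIME type of application/x-rar, is exactly what a mail-gateway or triage script should catch. The Python below is an added example, not MalwareBazaar's or abuse_ch's code: it identifies the archive by magic bytes rather than by the declared extension, reads the original file name out of the gzip header (RFC 1952 FNAME field, which gzip.decompress() silently discards), and flags a payload that starts with a PE "MZ" header. The attachment bytes are constructed in build_sample() and are not the real a5db9cf6... file; the function names and the list of executable extensions are this example's own choices.

```python
"""Added example: triage a mail attachment of the kind described in the report
above (.gz archive carrying 'Shipping Documents.exe'). Not MalwareBazaar code;
the sample bytes are constructed here and are not the real a5db9cf6... file."""
import gzip
import hashlib
import io
import os
import zlib
from typing import Optional

GZIP_MAGIC = b"\x1f\x8b"
RAR_MAGIC = b"Rar!\x1a\x07"          # shared prefix of the RAR 4.x and 5.x signatures
EXPECTED_EXT = {"gzip": ".gz", "rar": ".rar"}
# Extensions treated as executable content inside an archive (example's own list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".dll", ".bat", ".cmd", ".js", ".vbs"}


def sniff_container(data: bytes) -> str:
    """Identify the archive format by magic bytes, never by the declared extension."""
    if data.startswith(GZIP_MAGIC):
        return "gzip"
    if data.startswith(RAR_MAGIC):
        return "rar"
    return "unknown"


def gzip_original_name(data: bytes) -> Optional[str]:
    """Return the FNAME field of a gzip header (RFC 1952), or None if absent.
    The stdlib skips this field on decompression, so the header is walked by hand."""
    if len(data) < 10 or not data.startswith(GZIP_MAGIC):
        return None
    flg = data[3]
    pos = 10                                   # fixed header: ID1 ID2 CM FLG MTIME(4) XFL OS
    if flg & 0x04:                             # FEXTRA: 2-byte little-endian XLEN, then XLEN bytes
        if pos + 2 > len(data):
            return None
        pos += 2 + int.from_bytes(data[pos:pos + 2], "little")
    if not flg & 0x08:                         # FNAME flag not set
        return None
    end = data.find(b"\x00", pos)              # FNAME is a zero-terminated latin-1 string
    if end == -1:
        return None
    return data[pos:end].decode("latin-1")


def analyse_attachment(declared_name: str, data: bytes) -> dict:
    """Collect triage facts and findings; verdict is 'suspicious' if any finding fires."""
    container = sniff_container(data)
    declared_ext = os.path.splitext(declared_name)[1].lower()
    findings = []
    result = {
        "declared_name": declared_name,
        "sha256": hashlib.sha256(data).hexdigest(),
        "container": container,
        "inner_name": None,
        "inner_is_pe": False,
    }
    if container != "unknown" and EXPECTED_EXT[container] != declared_ext:
        # e.g. a RAR body behind a .gz name, the kind of type/MIME disagreement seen above
        findings.append(f"extension {declared_ext!r} does not match magic ({container})")
    elif container == "unknown" and declared_ext in EXPECTED_EXT.values():
        findings.append(f"archive extension {declared_ext!r} but no recognised archive magic")
    if container == "gzip":
        result["inner_name"] = gzip_original_name(data)
        try:
            payload = gzip.decompress(data)
        except (OSError, EOFError, zlib.error):   # BadGzipFile is an OSError subclass
            payload = b""
            findings.append("gzip stream is truncated or corrupt")
        result["inner_is_pe"] = payload.startswith(b"MZ")
        if result["inner_is_pe"]:
            findings.append("gzip member is a PE executable (MZ header)")
        inner_ext = os.path.splitext(result["inner_name"] or "")[1].lower()
        if inner_ext in EXECUTABLE_EXTS:
            findings.append(f"gzip member name has executable extension {inner_ext!r}")
    result["findings"] = findings
    result["verdict"] = "suspicious" if findings else "clean"
    return result


def build_sample() -> bytes:
    """Constructed stand-in for the attachment: a single gzip member named
    'Shipping Documents.exe' whose content begins with an MZ header."""
    fake_pe = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode."
    buf = io.BytesIO()
    # GzipFile writes the basename given in filename= into the FNAME header field.
    with gzip.GzipFile(filename="Shipping Documents.exe", mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(fake_pe)
    return buf.getvalue()


if __name__ == "__main__":
    for key, value in analyse_attachment("Shipping Documents.gz", build_sample()).items():
        print(f"{key}: {value}")
```

Run against the constructed sample, the report shows container gzip, inner_name "Shipping Documents.exe", inner_is_pe True and a suspicious verdict; the same declared name over RAR bytes is flagged for the extension/magic mismatch instead. The sha256 field is included so the same script can be matched against a MalwareBazaar IOC list.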
Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.FormBook
Status: Malicious
First seen: 2020-08-17 23:57:13 UTC
AV detection: 23 of 48 (47.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    gz a5db9cf6ea589d7d0c04cfac8fdbb2a31c152d4b19a2ef9f27db54f20b3f721d (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments