MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a9835d288802f8a03ec9537728bf860b9279055e8379594eb7d167eed58d6d6d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3


SHA256 hash: a9835d288802f8a03ec9537728bf860b9279055e8379594eb7d167eed58d6d6d
SHA3-384 hash: 2c32854fa53c55011084e0d83ec86508ebd39f0aa9ecd41c86e075ed72365c490cdfedee5e651b4180d3399a1ff35cf7
SHA1 hash: 359998462c63159fe31c9a0348846b4e80c97671
MD5 hash: b292c40c687201c443cbd7b54b6517e7
humanhash: mississippi-sixteen-high-quiet
File name: Bank Statement_pdf.gz
Signature: AgentTesla
File size: 410'517 bytes
First seen: 2020-06-17 05:49:50 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:7o4OfzgT+zUQ8lVS1jz8Q0QjRyju2h5DXSO0IAFU:7IrgT+l1j4lFai5DyBq
TLSH: 379423DF51082D16FCB4F0B629E6AFA97704984B9DFD4ACA10F6742C017871BBEC1469
Reporter: abuse_ch
Tags: AgentTesla gz


abuse_ch
Malspam distributing AgentTesla:

HELO: max.dlriv.com
Sending IP: 141.105.64.198
From: Martinez Predentt<amabvi@predentt.com>
Subject: BANK DOCUMENT
Attachment: Bank Statement_pdf.gz (contains "Bank Statement_pdf.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587
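
The entry above has two details worth checking mechanically on any attachment of this shape: the declared file type is gz while the MIME type is application/x-rar (the extension and the magic bytes disagree), and the archive name "Bank Statement_pdf.gz" wraps an executable named "Bank Statement_pdf.exe" (a document-looking token in front of an executable extension). The Python below is an added triage example, not code from MalwareBazaar or from the reporter; it builds a constructed stand-in sample (a gzip member carrying the inner filename in its header around a stub that only starts with "MZ"), which is not the real file, and the hashes it prints are of that stand-in, not the ones listed in the entry. The function names and the extension lists are the example's own assumptions.

```python
import gzip
import hashlib
import io
import re
import struct

GZIP_MAGIC = b"\x1f\x8b"
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"

# Assumed lists: extensions Windows runs as code vs. tokens a lure pretends to be.
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "wsf", "jar", "msi"}
DOC_HINTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "jpeg", "png"}


def build_sample(inner_name="Bank Statement_pdf.exe",
                 payload=b"MZ" + b"\x00" * 62 + b"stub, not a real PE") -> bytes:
    """Constructed stand-in for the attachment: a gzip member whose header
    carries the inner filename, wrapping bytes that merely start with 'MZ'.
    This is NOT the sample from the MalwareBazaar entry."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=inner_name, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(payload)
    return buf.getvalue()


def sniff_container(data: bytes) -> str:
    """Identify the container by magic bytes, ignoring the filename entirely."""
    if data.startswith(RAR5_MAGIC):
        return "rar5"
    if data.startswith(RAR4_MAGIC):
        return "rar4"
    if data.startswith(GZIP_MAGIC):
        return "gzip"
    if data.startswith(b"PK\x03\x04"):
        return "zip"
    return "unknown"


def gzip_member_name(data: bytes):
    """Return the FNAME field of the first gzip member (RFC 1952), or None."""
    if len(data) < 10 or data[:2] != GZIP_MAGIC or data[2] != 8:  # CM must be deflate
        return None
    flags = data[3]
    pos = 10  # fixed header: ID1 ID2 CM FLG MTIME(4) XFL OS
    if flags & 0x04:  # FEXTRA: 2-byte little-endian length, then that many bytes
        if pos + 2 > len(data):
            return None
        xlen = struct.unpack_from("<H", data, pos)[0]
        pos += 2 + xlen
    if not flags & 0x08:  # FNAME flag not set
        return None
    end = data.find(b"\x00", pos)
    return None if end == -1 else data[pos:end].decode("latin-1")


def is_double_extension_lure(name: str) -> bool:
    """True for names like 'Bank Statement_pdf.exe' or 'invoice.pdf.exe':
    an executable extension preceded by a document-looking token."""
    parts = re.split(r"[._]", name.lower())
    return len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] in DOC_HINTS


# Which sniffed containers a declared extension is allowed to map to.
_EXPECTED = {"gz": {"gzip"}, "tgz": {"gzip"}, "rar": {"rar4", "rar5"}, "zip": {"zip"}}


def triage(data: bytes, declared_name: str) -> dict:
    """Hashes (the same four the entry lists) plus the checks for this lure pattern."""
    container = sniff_container(data)
    declared_ext = declared_name.rsplit(".", 1)[-1].lower() if "." in declared_name else ""
    expected = _EXPECTED.get(declared_ext)
    inner_name = gzip_member_name(data) if container == "gzip" else None
    inner_payload = gzip.decompress(data) if container == "gzip" else b""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "container": container,
        # This is the flag for the entry's "File type: gz" vs "MIME type: application/x-rar".
        "extension_mismatch": expected is not None and container not in expected,
        "inner_name": inner_name,
        "inner_is_pe": inner_payload.startswith(b"MZ"),
        "double_extension_lure": is_double_extension_lure(inner_name or declared_name),
    }


if __name__ == "__main__":
    # Two constructed inputs: a real gzip stand-in, and RAR magic bytes under a .gz name.
    for label, blob in [("gzip", build_sample()), ("rar-with-gz-name", RAR4_MAGIC + b"\x00" * 32)]:
        print(label, triage(blob, "Bank Statement_pdf.gz"))
```

The gzip FNAME field is read straight from the header, so the inner name is recovered without inflating the stream; only the "MZ" check needs the decompressed bytes. Sniffing by magic rather than trusting the extension is what turns the entry's gz/x-rar disagreement into a concrete flag instead of a curiosity.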

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-17 05:51:09 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
  gz a9835d288802f8a03ec9537728bf860b9279055e8379594eb7d167eed58d6d6d (this sample)
    Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments