MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa3d1cebb7bfcfa4de14d62a5bc25b6db575bdb7eb8c3772b904bd3d734e4a5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: aa3d1cebb7bfcfa4de14d62a5bc25b6db575bdb7eb8c3772b904bd3d734e4a5d
SHA1 hash: e5b059fb672d98ed727a6c0a9b9f8df69606c330
MD5 hash: 3a0126ae46a038794dc2dde72092b9ec
File name: 78493 list.zip
Signature: AgentTesla
File size: 271'082 bytes
First seen: 2020-05-22 14:59:54 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:tLOUiV2gv8o9riiePfkV8CRQQI/LFTgc9b8SU87uAW9Rv:4Ui4G8e7eUVFkFTRPUtrj
TLSH: F944234B714F3459857CD029662F9204B584E23AF462E9EFDB03FC69C4779FC798902A
Reporter: @abuse_ch
Tags: AgentTesla zip


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: gateway36.websitewelcome.com
Sending IP: 192.185.199.121
From: info@styloharness.com
Subject: Product Inquiry
Attachment: 78493 list.zip (contains "78493 list.exe")

AgentTesla SMTP exfil server:
premium49.web-hosting.com:587

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 23
Origin country: FR
ClamAV: SecuriteInfo.com.MSIL.Kryptik.VZM.26428.UNOFFICIAL
VirusTotal: VirusTotal results 29.23%
ReversingLabs: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip aa3d1cebb7bfcfa4de14d62a5bc25b6db575bdb7eb8c3772b904bd3d734e4a5d (this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
