MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa4cea4dc5134e3619e788685379e6431a2a8aa17c2a55a12c08b9ca11a13a32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa4cea4dc5134e3619e788685379e6431a2a8aa17c2a55a12c08b9ca11a13a32
SHA3-384 hash: e205d87fab350a1df539bc04579760532cb4dc3d252195115623fc58acee71a8d42bad2955ffc5155385c8f591ce9506
SHA1 hash: 77a2d01ed25698e849f0785327a2ec39820a6fef
MD5 hash: 63c4de6d29d26e1816305407310bfa84
humanhash: violet-monkey-river-violet
File name:Revised PI.pdf.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:386'944 bytes
First seen:2020-06-11 09:33:13 UTC
Last seen:2020-06-12 09:38:49 UTC
File type: zip
MIME type:application/zip
ssdeep 6144:fZ089jKbFrsDf6VlggWOhPqi7FSJ0slU41KuOtIPI6afAT4Ixl9Z2dNiVgv05kDw:fZ0WorIfaggT7Fi0rt+QJQVPwi6yku
TLSH 448423A8E534453DC222EDFB40B8D66B443B76E0C899DB2FA568F58DCFD225DD089E01
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: addaaninternational.com
Sending IP: 156.96.62.208
From: Abdul Basit <zaman@addaaninternational.com>
Subject: Revised PI
Attachment: Revised PI.pdf.z (contains "Revised PI.pdf.exe")

AgentTesla SMTP exfil server:
mail.bestinjectionmachines.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25518.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-11 09:36:01 UTC
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vjgoutofcnhdmgphrbufg6pgimncvcvbpqvflijmbc44uenbhiza._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip aa4cea4dc5134e3619e788685379e6431a2a8aa17c2a55a12c08b9ca11a13a32

(this sample)

AgentTesla

Executable exe 41eacb31f32da496ed3d78e3b90797bea286f56808a09ab339846ee3aa18b643

  
Dropping
MD5 3069dcf1e179bcc5b6b37a597632d2c0
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 41eacb31f32da496ed3d78e3b90797bea286f56808a09ab339846ee3aa18b643

Comments