MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ad1f480a2ebc3a66e4f57c0daead5aae92cc34fba313079a2b4e674a1c3cb1bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ad1f480a2ebc3a66e4f57c0daead5aae92cc34fba313079a2b4e674a1c3cb1bc
SHA3-384 hash: fe9a2b04d8bfe4943e7375754a3cb6ed175df51ea1a5597b061c5df40b7f3f05fe3efe7fb4216814564518c5ec27fcab
SHA1 hash: c768b9c3f58ca6923d55b4d04c84d5a26dbac99a
MD5 hash: 3be9ac7238cdabf65c11dddfc1cd09d0
humanhash: emma-nebraska-romeo-ink
File name:PI.Adobe.pdf.gz.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:369'453 bytes
First seen:2020-06-19 17:00:11 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:Ly3y1tSO1eaVtqG5kZJNuq5WukJGnA8p5VibBZq7W7Hr36bCiJtnaXZ3O8:LVtP1t3hA+upL+3qqS7tna1O8
TLSH 70742320FDC380A6F69726C5851314B4A955D8BA571B7BF6FC9D00B3232EAA0E749C1F
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: slot0.galennou.com
Sending IP: 45.95.169.43
From: SATISH KHOSE <satish@ssplpune.com>
Subject: Proforma Invoice
Attachment: PI.Adobe.pdf.gz.zip (contains "PI.Adobe.pdf.gz.exe")

AgentTesla SMTP exfil server:
smtp.rezuit.pro:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-19 17:35:51 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vupuqcroxq5gnzhvpqg25lk2v2jmynh3umjqpgrljztuuhb4wg6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip ad1f480a2ebc3a66e4f57c0daead5aae92cc34fba313079a2b4e674a1c3cb1bc

(this sample)

AgentTesla

Executable exe b847ee42e6237b9e237bb9a762cd3f03a1da2d4a826cc395267bcfc74d0ccea7

  
Dropping
MD5 fd3b5a686f0834f9850ac1c2a4384df5
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b847ee42e6237b9e237bb9a762cd3f03a1da2d4a826cc395267bcfc74d0ccea7

Comments