MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae4925b914ab46e06b64a33fdfefcfc357d3cba73c955e529e24072546e40695. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: ae4925b914ab46e06b64a33fdfefcfc357d3cba73c955e529e24072546e40695
SHA3-384 hash: b4ed1005cd2ae1bdfa667d91783fa64013c85044787fc56fc0acebfc3d08c4959b164160b0641583016f8b0358492a31
SHA1 hash: cc2cc3eddc3176c386eb91fcf4ef9b1deac7e2c6
MD5 hash: 2a167553e9b124c4a49cf564ca34da9b
humanhash: illinois-pip-fourteen-oven
File name: PO12408.Z
Signature: AgentTesla
File size: 400'073 bytes
First seen: 2020-08-05 09:19:31 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:vXcJHM+Q39Pl2H8qHWrlKnD/EbEgp1WPC/AlE/gLWVi4pb+n4VnpLUOibNfFZ8:vXApQ39PW8qHWQgSPC/IWVLpVobVFZ8
TLSH: 49842350947B4AE880B0D5FA9C96F16E80373B0FB953B93427A275DE996315C0F6F22C
Reporter: abuse_ch
Tags: AgentTesla z


abuse_ch
Malspam distributing AgentTesla:

HELO: emirates.net.ae
Sending IP: 37.49.230.200
From: Arun James <houbylaw@emirates.net.ae>
Subject: Purchase Order
Attachment: PO12408.Z (contains "PO#12408.exe")

AgentTesla SMTP exfil server:
mail.transfastc.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.FormBook
Status: Malicious
First seen: 2020-08-05 09:21:05 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z ae4925b914ab46e06b64a33fdfefcfc357d3cba73c955e529e24072546e40695 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
