MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af7ad8af0a6bbdf4ce9878fa5a2e74b6e6ed36870dfdc236f37eb07f8d6c200f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: af7ad8af0a6bbdf4ce9878fa5a2e74b6e6ed36870dfdc236f37eb07f8d6c200f
SHA3-384 hash: c4c56cfc531a7583839181af525d8a3a0ffa42f20d7c578de394d26258da2b488a3051ff4db7ec1f76ce8591520434b3
SHA1 hash: fde7ef5d1cd7c36623716a4a005d2e30e71d3fc4
MD5 hash: b747d38aca9581488cc89ab004428b61
humanhash: mike-illinois-sad-mirror
File name:paid.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'045'023 bytes
First seen:2020-05-26 09:35:48 UTC
Last seen:2020-05-28 19:45:03 UTC
File type: zip
MIME type:application/zip
ssdeep 24576:e9YmBsBFXD4LkwrvksenEVv3fYNafPEW7u:cLaZ4owrvkQ53gNaf/K
TLSH 67253323B2973CF473276027998EB9AC09A2F1BAE475563C48FA3578DD1B1C8F21D521
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: eurogeste.com
Sending IP: 92.240.245.231
From: comptabilite | EUROGESTE<comptabilite@eurogeste.com>
Subject: Payment done
Attachment: paid.zip (contains "paid.exe")

AgentTesla SMTP exfil server:
business40.web-hosting.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 12:59:43 UTC
File Type:
Binary (Archive)
Extracted files:
28
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip af7ad8af0a6bbdf4ce9878fa5a2e74b6e6ed36870dfdc236f37eb07f8d6c200f

(this sample)

AgentTesla

Executable exe 9ad59dbde96b7004dc882af424709621e29c6a11602e4b8d681ab7cfe9e838f5

  
Dropping
MD5 338d175e3bfa2ee756a213e972062989
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9ad59dbde96b7004dc882af424709621e29c6a11602e4b8d681ab7cfe9e838f5

Comments