MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0575e510f42462360853c28bd55ff549b18590cc2d0fe80193316422f30f94e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b0575e510f42462360853c28bd55ff549b18590cc2d0fe80193316422f30f94e
SHA3-384 hash: 7c293bf7053fc03dacd6072c8c4aecd07c2b608ea2e28c9fc08aa139eeef972738e3c0a679c0152c1a1d51a2501f0190
SHA1 hash: 4e67f0dcc03e05ad42853d25c23e6fc491c48fcc
MD5 hash: a39489d5f178d46fee1b999693408617
humanhash: saturn-potato-robert-summer
File name:Transactions_PDF.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'159'572 bytes
First seen:2020-05-28 07:02:08 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:EnIGnO0e15lOZqrFUmkWauOWUfyXwZs2ueH9lSaFq7w:EnaL5E4uX9f5BjX
TLSH 8435331BB75AFF1CD9AF6620E96B1C3AB189B527217E1262D3CEC8395375C58001837B
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server1.bluecloud.jo
Sending IP: 81.95.158.149
From: ALPHA BANK <accounting@ekyo.gr>
Subject: Alpha Web Banking: 28/05/ 2020
Attachment: Transactions_PDF.7z (contains "Transactions_PDF.exe")

AgentTesla FTP exfil server:
ftp.solarcenter.ro:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Script-AutoIt.Trojan.Aitinject
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 07:37:57 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip b0575e510f42462360853c28bd55ff549b18590cc2d0fe80193316422f30f94e

(this sample)

AgentTesla

Executable exe 28024a28d49beda4cd897956ab08259d968433df21f53504c64690f09cf8c441

  
Dropping
MD5 b9e5a60f7cb481538d28f541d7c13449
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 28024a28d49beda4cd897956ab08259d968433df21f53504c64690f09cf8c441

Comments