MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b161030d7402e308bd44bd0d551f4ada3d094658da6bcd79125e5c2453f61b0f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b161030d7402e308bd44bd0d551f4ada3d094658da6bcd79125e5c2453f61b0f
SHA3-384 hash: 92f8af0d5b0be109c96fc669f6aaa91d8e26f64ba7aff9611bd8034c165771fa29b12ffdd0bcd79f9f3f3fe75ae12d15
SHA1 hash: ceab1071de60311466bf73a15a003f56b9c03329
MD5 hash: 167474d97b3d4940590f69b6644639ab
humanhash: fifteen-moon-dakota-maryland
File name:2.22mb.xxxxx.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'341'536 bytes
First seen:2020-05-05 07:43:22 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:yLu/L7+JIcsFXM9FsacTNeXcY/KmhGOs83mpvOXKvoulJdNihtrjGDQV/1b614hY:yLuzeEu9FENeXBFGO9WlvoulJdNqrj0v
TLSH 6455332D9A777CF7975BD44DA670FE8AA5605C8DDDD81A808EC82B122FC1DDD0D2AC80
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: s111-ir-cpanel-trade.maindns.net
Sending IP: 185.165.116.18
From: Nguyen Thi Kim Thanh <Account1.Nguyen@gmail.com>
Reply-To: Account1.Nguyen@gmail.com
Subject: oustanding orders/Unit prices
Attachment: 2.22mb.xxxxx.zip (contains "2.22mb.xxxxx.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Script-AutoIt.Trojan.Aitinject
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 08:36:24 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wfqqgdlualrqrpkexugvkh2k3i6qsrsy3jv426islzociu7wdmhq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip b161030d7402e308bd44bd0d551f4ada3d094658da6bcd79125e5c2453f61b0f

(this sample)

AgentTesla

Executable exe 4129e19fc075ef4cc80941a611b9e030e97d390054c1bcee16f46711c3b1391e

  
Dropping
MD5 ed9875edd4c2336e924c263879a93f4c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4129e19fc075ef4cc80941a611b9e030e97d390054c1bcee16f46711c3b1391e

Comments