MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba9eb075fb480d6b61f904e8b6403ca9c6cb7a06909cf9366fa8504026c83e20. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ba9eb075fb480d6b61f904e8b6403ca9c6cb7a06909cf9366fa8504026c83e20
SHA3-384 hash: 420dafa52b302fc479baf75588102fb5f6779745bfd7cd9794f5a2af9be60b48d66d13f89277bb9e761d184bed4a831b
SHA1 hash: 8687432b044cf5a05f92579dfc50172a69235a4a
MD5 hash: 0091112d3c8a19915cec2d62ccae4b2b
humanhash: don-blossom-potato-coffee
File name:Statement Account - MAY 2020-pdf.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:480'815 bytes
First seen:2020-06-03 08:24:26 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:VbXxRci9YwObreiVhG3/uUnjSXYlDN5cvbae4Y2xj6:VN9bObiChG3GUnuXYlDNuv4YQj6
TLSH 81A4230D3EF4B42C909B92245828328F76D2DD19B4D0148A71DE6BDF3C2DA8DE56746F
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: clicklife.clicklifeuae.ae
Sending IP: 64.64.4.134
From: Annie <annie@shimoda.com.my>
Subject: Statement Account - MAY 2020
Attachment: Statement Account - MAY 2020-pdf.zip (contains "Statement Account - MAY 2020-pdf.exe")

AgentTesla SMTP exfil server:
mail.hitechnocrats.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Sanesecurity.Malware.25906.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 02:07:12 UTC
AV detection:
29 of 48 (60.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xkpla5p3jagwwypzatulmqb4vhdmw6qgscopsntpvbieajwihyqa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip ba9eb075fb480d6b61f904e8b6403ca9c6cb7a06909cf9366fa8504026c83e20

(this sample)

AgentTesla

Executable exe e8832bdaa159f1e5a0f7e4ce323c8a302c0db9cd7eb6ba0434fee843d7333129

  
Dropping
MD5 b8bc20959e2bddee9cbcb6a41ad50e85
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e8832bdaa159f1e5a0f7e4ce323c8a302c0db9cd7eb6ba0434fee843d7333129

Comments