MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c79ea91ab4adfcd4c01bb164ded42ae7075681a90df32d47e59f0c9e64ca6328. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: c79ea91ab4adfcd4c01bb164ded42ae7075681a90df32d47e59f0c9e64ca6328
SHA3-384 hash: 54f21db6c70ef11c03167c1fcea72cffbc29170a62485e35a72c30fe5fdeb222cfda67b9be3eeedabfe0eadb19fcaab7
SHA1 hash: e588cf04633d4f514b435026a223a43eec9bf121
MD5 hash: 4c87c06a667803a7e879ee9d32cbdf13
humanhash: tennessee-sixteen-victor-august
File name: JEA_567432.zip
Signature: AgentTesla
File size: 976'842 bytes
First seen: 2020-06-16 11:47:44 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:0aLpNUpB8r3kkON9I3M4V1lSy89jm1ZGKuaYvu5VbBm:tpUBK3mIc4zQImWmC8
TLSH: F925230CF53EB4392EE1D05BF618C9527CE03AA8F9D6704696F701D8A926177DC8ABC4
Reporter: @abuse_ch
Tags: AgentTesla, zip


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: pdlc34160.ciberserver.com
Sending IP: 176.221.34.160
From: Marie Gracia <opr6.ae@absaco.com>
Subject: DELIVERY ORDER
Attachment: JEA_567432.zip (contains "JEA_567432.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 26
Origin country: FR

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Gathering data
Threat name: Script-AutoIt.Trojan.Aitinject
Status: Malicious
First seen: 2020-06-16 11:49:03 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip c79ea91ab4adfcd4c01bb164ded42ae7075681a90df32d47e59f0c9e64ca6328 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments