MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9d87b07945548e8036f1c9da4d88973018773e2984dce920c05bfc6cd31c25e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c9d87b07945548e8036f1c9da4d88973018773e2984dce920c05bfc6cd31c25e
SHA3-384 hash: 9698639127c82db02a3698c3b529ee16b273b0faff9f87592ae090750e34ce5b9db8549e7f183aa5b4d5e374cd7e97fd
SHA1 hash: f9a05e0f56304feae27c803e44a8a8f1c0a3435a
MD5 hash: 9d809626e3211fc46ccb3292c65534ae
humanhash: aspen-johnny-north-bacon
File name:LC DRAFT_PI ZS20011604Z PAARANG-USTA GRUP.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'124'369 bytes
First seen:2020-04-30 09:35:36 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:JXta0if2pHkov84/67U/Q55HYqyNfur30cTOdGnyrG:60ifavpYUI5gNGbJTO4N
TLSH 853533AEAD7639435297E0722581F00991FC5A128EDDA0FE1F34D26C8FE17E7C612AD1
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: bosmar.cn
Sending IP: 156.96.58.98
From: teresa.j@bosmar.cn
Subject: XFM/PAARANG-USTA GRUP PI: ZS20011604Z
Attachment: LC DRAFT_PI ZS20011604Z PAARANG-USTA GRUP.z (contains "LC DRAFT_PI ZS20011604Z (PAARANG-USTA GRUP).exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Script-AutoIt.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 10:43:24 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zhmhwb4ukveoqa3pdso2jwejomayo47ctbg45eqmaw74ntjryjpa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip c9d87b07945548e8036f1c9da4d88973018773e2984dce920c05bfc6cd31c25e

(this sample)

AgentTesla

Executable exe 4b5962005864c7cd8c362e37987f7091991f6f3f0a992e02e1b51beb92292a5d

  
Dropping
MD5 1603dd6de45b5dfb0d87ba87b3966128
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4b5962005864c7cd8c362e37987f7091991f6f3f0a992e02e1b51beb92292a5d

Comments