MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d830e702ea23f89ed7c45d2ed86d28af5200bf29dbaacf7f1a150458320c9fd9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d830e702ea23f89ed7c45d2ed86d28af5200bf29dbaacf7f1a150458320c9fd9
SHA3-384 hash: 4e980d24d49ca3cff67ea275a8bedf549e76ff562b57de08ba18e976aa7548233d3b5738a86a9cc62a5f03d9482b35c4
SHA1 hash: a145eba9b102fe23d6cf5896f35dd152f3d33904
MD5 hash: 945974f942c444cfb6d9e01bd37587da
humanhash: ohio-gee-angel-comet
File name:lecture.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:186'066 bytes
First seen:2020-04-29 17:55:51 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 3072:a4DMux40BDvHi2dTgKrslwNmawF1Wjjh8srybLj6mV4i8eFyQoHSBSvEvMGz:P443DP3dXOYJ8Xf6eJoVMMs
TLSH C50423B0760CB21FEC61F1115E07F3DAA2866C1718EBF3A1892A971A46117FB4D1E71B
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: javainc.accesscam.org
Sending IP: 104.168.147.51
From: imports <imports@aguacateradelsur.site>
Subject: Purchase Order US103553 - FAN / RFQ US1019-015R2
Attachment: lecture.zip (contains "lecture.exe")

AgentTesla SMTP exfil server:
mail.tule.es:587 (91.134.184.222)

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 18:36:07 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
34 of 48 (70.83%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3ayooaxkep4j5v6eluxnq3jiv5jabpzj3ovm67y2cucfqmqmt7mq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip d830e702ea23f89ed7c45d2ed86d28af5200bf29dbaacf7f1a150458320c9fd9

(this sample)

AgentTesla

Executable exe d3e501926c12ab2f5229619940c2c4e296e85a06606e69f575a00932c3d1ed30

  
Dropping
MD5 5ab1a26998d13e0f73c55f5148564157
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d3e501926c12ab2f5229619940c2c4e296e85a06606e69f575a00932c3d1ed30

Comments