MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e64b588cd1cc19f9d30a3baf819ef6ec564c2920f358a502464d0205b1acf2fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 2
SHA256 hash: e64b588cd1cc19f9d30a3baf819ef6ec564c2920f358a502464d0205b1acf2fd
SHA3-384 hash: 4c601e8827409da35aa34716c07f8d2f0929a623f366757799d8a6b63f5f68a62d010a2629c9d3eef80ba94ecd569f42
SHA1 hash: 43d61ecf32bf0492dfa24746b1d6af8b8252a8c8
MD5 hash: 862f546ac35ba5c3e69d6e61e0189102
humanhash: mars-fix-carbon-california
File name: cheque deposit slip, BDT Amount 70,000.zip
Download: download sample
Signature: AgentTesla
File size: 476'281 bytes
First seen: 2020-05-26 09:55:23 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:mOo6d12mLrTIl0O2UHRJKSPGSKhBufhkN5ofK:5ocUmsapUTKSPLG8WvsK
TLSH: 79A42377F062560851C5C75DF8D481A9028FD3E73C5C1D6FEA2AE2D2136A58CB12AE2B
Reporter: abuse_ch
Tags: AgentTesla zip

abuse_ch
Malspam distributing AgentTesla:

HELO: konegroupbd.com
Sending IP: 5.9.22.40
From: Md. Anwar Hossain <Sayed@konegroupbd.com>
Subject: RE: Ch. Amount 70,000/- from- Giant Garments Ind. Ltd.
Attachment: cheque deposit slip, BDT Amount 70,000.zip (contains "cheque deposit slip, BDT Amount 70,000.exe")

AgentTesla SMTP exfil server:
mail.totallyanonymous.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 13:03:27 UTC
File Type: Binary (Archive)
Extracted files: 266
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  -> AgentTesla, zip, e64b588cd1cc19f9d30a3baf819ef6ec564c2920f358a502464d0205b1acf2fd (this sample)
     -> Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments