MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea4bea89219dca302b4d936cad41907fb10e47d41fcf2f2b261af4b79a7309a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ea4bea89219dca302b4d936cad41907fb10e47d41fcf2f2b261af4b79a7309a5
SHA3-384 hash: f6bc66d302937c834371ae594349eb88d3e9b3e3ed013ab61ce234f559cc3a1899b862fc5989724cb95b9512cff56bb0
SHA1 hash: 7686f8583332b2fc248ae0829e03543ead60961d
MD5 hash: 8a33a4969d83644c8ea3dc4f770ce46b
humanhash: mars-nevada-wisconsin-edward
File name:0980877648765234543299898989767665556754667099898.b1
Download: download sample
Signature AgentTesla
Create hunting rule
File size:622'615 bytes
First seen:2020-10-10 06:44:09 UTC
Last seen:Never
File type: b1
MIME type:application/gzip
ssdeep 12288:38GOVaGEHzP5IPpPewpps4K7/VyFhO7Q76UlepD2Z0q275YekU9Tbe:3UVhkzPuP1W74FhOU76Ul0tB7TkUBbe
TLSH F4D42382B3AAC1D45C2123F7DAE471E7D5C2613FCA6542996A7BA4EC3C751FC720B842
Reporter abuse_ch
Tags:AgentTesla b1


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: box.atradiuis.com
Sending IP: 93.114.128.34
From: Jordi Martínez <jmartinez@atradiuis.com>
Subject: Fwd: INCIDENCIA TRANSF. EMITIDA [REF 3693660407701488] [IMP 10.575,04USD] [USU SGL] [F.OPER 25-09-2020]
Attachment: 0980877648765234543299898989767665556754667099898.b1 (contains "0980877648765234543299898989767665556754667099898.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
136
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ea4bea89219dca302b4d936cad41907fb10e47d41fcf2f2b261af4b79a7309a5/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-10-09 09:08:35 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5jf6vcjbtxfdak2nsnwk2qmqp6yq4r6ud7hs6kzgdl2lpgttbgsq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ea4bea89219dca302b4d936cad41907fb10e47d41fcf2f2b261af4b79a7309a5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

b1 ea4bea89219dca302b4d936cad41907fb10e47d41fcf2f2b261af4b79a7309a5

(this sample)

AgentTesla

Executable exe 24d32404b88210f6f5cb58362bc6122c7f7545ee8b792c075df1b0069a4f10d5

  
Dropping
MD5 7f371fcf361d5cec1b513f1131b22a76
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 24d32404b88210f6f5cb58362bc6122c7f7545ee8b792c075df1b0069a4f10d5

Comments