MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 035f6ece5dbc16bfef98629382769eb734f3e9d98419b4b0967a6ec73955a19e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 035f6ece5dbc16bfef98629382769eb734f3e9d98419b4b0967a6ec73955a19e
SHA3-384 hash: b3185c0584689b375150f7ca33b403c53c1061026ae1302ef2b3c521cbf40a3f4cb9fda23a7466bfcaa908b413b2f81f
SHA1 hash: bcdf5633ebcb7a47f30e68dc0f3fa55cb38c99a0
MD5 hash: caddc24c9ce2a64e2212d43ff5776ad6
humanhash: purple-hawaii-jupiter-black
File name:Demande de cotation PVC resin pour tuyaux_pdf.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:409'187 bytes
First seen:2020-06-15 12:30:45 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:C90RsWtix6iX+zK16E+gEJCm7s16EGTzjLZL4+bsB9jIcqyBqTG:COCUi916WEkTDG3ZL4Qs7jIVSKG
TLSH EC9423428BD8A17F249CC6209F943B59AE979013298FD4EB1C3F557A233CC5693F4AE4
Reporter abuse_ch
Tags:AgentTesla FRA geo rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 1d48368b.ni.net.tr
Sending IP: 45.158.12.31
From: Joana de oliveira <Joana.DeOliveira@eltek.com>
Subject: Demande de cotation PVC resin pour tuyaux
Attachment: Demande de cotation PVC resin pour tuyaux_pdf.rar (contains "Demande de cotation PVC resin pour tuyaux_pdf.exe")

AgentTesla SMTP exfil server:
mail.hospitalveterinariosur.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 12:32:04 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=anpw5ts5xqll734ymkjye5u6w42ph2ozqqm3jmewpjxmookvugpa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 035f6ece5dbc16bfef98629382769eb734f3e9d98419b4b0967a6ec73955a19e

(this sample)

AgentTesla

Executable exe 75baae23f80f6def274e340b17867d205068b34425fe6f7537c9667e370dec5a

  
Dropping
MD5 0cbaab9a5c80373e7899c42119a5963f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 75baae23f80f6def274e340b17867d205068b34425fe6f7537c9667e370dec5a

Comments