MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a2f4f887b6dc0a3de9b0ef914cf80afef2dd3bf3569565fe12e1a05e1640048. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0a2f4f887b6dc0a3de9b0ef914cf80afef2dd3bf3569565fe12e1a05e1640048
SHA3-384 hash: caacebd3134cf9bd4bb431e98f06671737fac08fc344723a5fc878e67d871fdb623fe93a466ff2c8ffb848faeb3048cc
SHA1 hash: b03ff626b2310edb074b4057c50250acc6cb6f5a
MD5 hash: f5359f603f108e26a1e27cfd4ece2667
humanhash: nebraska-fish-xray-butter
File name:ERQO PO Contract and PI.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:481'652 bytes
First seen:2020-04-30 12:43:51 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:Kecm7itpKFf/2wIqxfNvGBHP0aAupiRaMV0ERZiz8:jc6wpKV/0qFQ5PjriRa00+Iz8
TLSH 69A423CF25EA108BC19E16BF19053EF877061E6CFA36509DFF26741262A1E75D2C1A32
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: qproxy1-pub.mail.unifiedlayer.com
Sending IP: 173.254.64.10
From: ECEM GUREL-ERQO <ecem@erqo.com.tr>
Reply-To: ECEM GUREL-ERQO <mog_b@mail.ru>
Subject: URGENT PO Contract and PI Request
Attachment: ERQO PO Contract and PI.rar (contains "ERQO PO Contract and PI.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 13:35:50 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bixu7cd3nxakhxu3b34rjt4av7xs3u57gvuvmx7bfynalyleabea._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 0a2f4f887b6dc0a3de9b0ef914cf80afef2dd3bf3569565fe12e1a05e1640048

(this sample)

AgentTesla

Executable exe cd4df0af062e1b998ecd50c9262ba2f2de9fb9fd300a7fc2596ecd3f4f5f224d

  
Dropping
MD5 f67cfb9e4e99b89736eb6e44609209c8
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cd4df0af062e1b998ecd50c9262ba2f2de9fb9fd300a7fc2596ecd3f4f5f224d

Comments