MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0be9c9aec613bd93b86826eb781de5912ca6a0715896421e5f41d1f483683dfc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 0be9c9aec613bd93b86826eb781de5912ca6a0715896421e5f41d1f483683dfc
SHA3-384 hash: b137e9b7a12a3bdc93e962412fdbdd4140e4d09fd5e10823457528887267e3d3628770e685991954fbcfd2a66e2df939
SHA1 hash: 38e852db02332a459c80575077b0f3756e37be8f
MD5 hash: 91d8af9f24968f5802a134b9e2d68fb8
humanhash: low-aspen-sixteen-bakerloo
File name: Request For Quotations - RFQ-19-06113-01-.7z
Signature: AgentTesla
File size: 741'127 bytes
First seen: 2020-07-03 06:26:18 UTC
Last seen: Never
File type: 7z
MIME type: application/x-rar
ssdeep: 12288:B+DlTpTmQg0j1kd54Ag3JAET7kwvqjpm+gNBmV5FKeGfB2243uBD1bOo5cQRi+r:B+WQPpkd5Fg3eekwqBK0V5UBpbNlOaB
TLSH: D2F42381179A62599BD03C7709252ACFD08F0570DEE2CBC3295791E2DA632E9FA1D4F3
Reporter: abuse_ch
Tags: 7z AgentTesla


abuse_ch
Malspam distributing AgentTesla:

HELO: vxadm-11.srv.cat
Sending IP: 46.16.58.130
From: Shaikh Jaffar Ali <ShaikhJaffarali@uae.com>
Reply-To: ShaikhJaffarali@uae.com
Subject: Request For Quotations - RFQ-19-06113-01-1870
Attachment: Request For Quotations - RFQ-19-06113-01-.7z (contains "Request For 2 Quotations - RFQ-19-06113-01-1870.bat")

AgentTesla SMTP exfil server:
mail.magicpharma.pt:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-03 06:28:05 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 0be9c9aec613bd93b86826eb781de5912ca6a0715896421e5f41d1f483683dfc (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
