MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 13597506b0fcdb8e6b9e2fde5966739f6355fcc96e3dc6345dc1e355817d40f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 13597506b0fcdb8e6b9e2fde5966739f6355fcc96e3dc6345dc1e355817d40f9
SHA3-384 hash: ead97c949f6e1e225542969f92cb8b965f120d63302949bb0a0c1ed6402e732d8768f6545546714b389b41aa676fde7b
SHA1 hash: 82e6b3ba8ed5ee534f21db24fe741d7acb9dc5a1
MD5 hash: d874373b0eed4774fb8dd42f6fb1957f
humanhash: cardinal-sweet-ohio-kansas
File name:RFQ.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:355'694 bytes
First seen:2020-07-08 07:13:51 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:jTwIlU+zp7t+tTDwae3Tr+1HFdqmmmuyeSz7G/DF/uhR7iSmuPRiWyK/FhO2+/C:jTwR+NhigaA/+dFQtyVgDFmhxiSVByK1
TLSH EC7423C7331D94E2FD5E1E31A14B1F3515459ABF8AB126A4C90F940A7EEE2E3419D0F2
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: steyr-motors.cn
Sending IP: 172.241.27.150
From: Stella Marcus<sales@steyr-motors.cn>
Subject: RFQ203442
Attachment: RFQ.rar (contains "RFQ.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/13597506b0fcdb8e6b9e2fde5966739f6355fcc96e3dc6345dc1e355817d40f9/
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2020-07-08 07:15:07 UTC
AV detection:
15 of 31 (48.39%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cnmxkbvq7tny4246f7pfszttt5rvl7gjny64mnc5yhrvlal5id4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 13597506b0fcdb8e6b9e2fde5966739f6355fcc96e3dc6345dc1e355817d40f9

(this sample)

AgentTesla

Executable exe b9fbd47b1c2b112277e35d94b125107262e9fba1dfe33bcd3842795432bc78d5

  
Dropping
MD5 90003ac64105d46135fa50dd89d2de04
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b9fbd47b1c2b112277e35d94b125107262e9fba1dfe33bcd3842795432bc78d5

Comments