MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15e73da5641e68acd068674dfbfca02fc1100d4ac63fbb66a83ef6e164084713. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 15e73da5641e68acd068674dfbfca02fc1100d4ac63fbb66a83ef6e164084713
SHA3-384 hash: 1154d2bef6df813aef6cb66490dd0bb79206e7270eb0ac42307b296e3b3e86c65c62c2e50879df4d89cbdd67277fb9e8
SHA1 hash: c65b1877fc19a5c1dcb9f9f6f88f1b8af52586c4
MD5 hash: 0082caa99bf518c74b0507c5e85f51d4
humanhash: steak-bravo-potato-river
File name: MIR 108756 Quotation Inquiry.gz
Signature: AgentTesla
File size: 402'079 bytes
First seen: 2020-07-07 17:29:45 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 6144:iYWNsAwLugQ2YUdCai5bTF6Ad/Ly43htAA0vMfsntBG8r/C3kBZWVVSyw:4Nso2YUsTlcAY4xGdM6iy8MWDLw
TLSH: 6F8422FF2469AA2452CF7EE3C46D276BCF6087F26121D8B56BA0717E9870165727003B
Reporter: abuse_ch
Tags: AgentTesla gz


abuse_ch
Malspam distributing AgentTesla:

From: mu-pleven@mbox.contact.bg
Subject: MIR 108756 Quotation Inquiry
Attachment: MIR 108756 Quotation Inquiry.gz (contains "MIR 108756 Quotation Inquiry.exe")

AgentTesla SMTP exfil server:
smtp.imp-powers.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-07 17:31:05 UTC
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
gz 15e73da5641e68acd068674dfbfca02fc1100d4ac63fbb66a83ef6e164084713 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments