MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 188bc6af1002bb1d12923c01becb543f8ce6ddafc9cf7b81e3362afb227dd2d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 188bc6af1002bb1d12923c01becb543f8ce6ddafc9cf7b81e3362afb227dd2d8
SHA3-384 hash: 3bc1357564f735d8b13fd51474f7a7a181fdf42f27689bb89012a11090f8f4f20a903d1f424505948ed749156f48d455
SHA1 hash: 002e98a7378844305512bf223528bf9e5768632f
MD5 hash: 5c10af873f60ab471c93f866a85dbce7
humanhash: foxtrot-oklahoma-two-fruit
File name: purchase order.Z
Signature: AgentTesla
File size: 360'168 bytes
First seen: 2020-07-04 07:25:11 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:EHrX+0YcCNXQi0+9oCvr89NLTsbvt1nMeaCllf6KG1q5SdqpixjH/RXY1eGXFnMf:BfZQiZmC4rUbvt1nMeas16KGsSgpid/j
TLSH: 127423E93EC0858171FD35E33BF09E0919E3B7ED88AA1A1D086E7C91AD7BD705816943
Reporter: abuse_ch
Tags: AgentTesla z


abuse_ch
Malspam distributing AgentTesla:

HELO: griltarp.com
Sending IP: 172.93.148.205
From: Ranjeet <market@griltarp.com>
Subject: Proforma Invoice
Attachment: purchase order.Z (contains "purchase order.exe")

AgentTesla SMTP exfil server:
mail.threewaystoharems.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 90
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-04 07:27:03 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    z 188bc6af1002bb1d12923c01becb543f8ce6ddafc9cf7b81e3362afb227dd2d8 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments