MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1bba4fcbe371eef6f5fc8d580ae2880805d2f6cd11877c46b18179f68c5122fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1bba4fcbe371eef6f5fc8d580ae2880805d2f6cd11877c46b18179f68c5122fb
SHA3-384 hash: c827706a8ba21a4b12193e8a37152f492d0bf074251ae20e0999d6d9767655af62e0a60dc29472b522100ba9edc5ebf8
SHA1 hash: 6e1d536c7089d4cb5df1bb878000f50c7d4c1a52
MD5 hash: 90d8f2b754b6210c051b1f8b1f6515dd
humanhash: pip-purple-equal-robin
File name:RFQ-PR PR1787523 BA.doc.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:420'403 bytes
First seen:2020-05-04 21:16:32 UTC
Last seen:2020-05-05 17:48:51 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:Py7B59hLrReakbeaUQXkhK/6eHfQPz8hb/woSnfq:Py7BpLdkbeaUQXkhheoPz8hTYfq
TLSH E494237E292F6BD3FBFAD014915C65C8389DE7613FD068BA53AA300A1D1E503C85D25C
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: toorsteel.com
Sending IP: 103.145.253.151
From: Toorsteel <toorsteel@toorsteel.com>
Subject: RFQ for PR# PR1787523 (BA)
Attachment: RFQ-PR PR1787523 BA.doc.zip (contains "RFQ-PR# PR1787523 (BA).doc.exe")

AgentTesla SMTP exfil server:
mail.toorsteel.com:587

Intelligence

File Origin
# of uploads :
5
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject3.39524.9273.13695.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25512.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-04 20:30:22 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
26 of 48 (54.17%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=do5e7s7dohxpn5p4rvmavyuibac5f5wncgdxyrvrqf47ndcrel5q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 1bba4fcbe371eef6f5fc8d580ae2880805d2f6cd11877c46b18179f68c5122fb

(this sample)

AgentTesla

Executable exe 82d3edc9ad7ba25feca5ef08641b0f030d92faa5dec17f3148e062b727a0240c

  
Dropping
MD5 cb2758f854fcd3e6d4eff297aba1079e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 82d3edc9ad7ba25feca5ef08641b0f030d92faa5dec17f3148e062b727a0240c

Comments