MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d0409fe1920705a5b39b8cd99836c3d8d53c47b74d37cdef02b2f816dec6abe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1d0409fe1920705a5b39b8cd99836c3d8d53c47b74d37cdef02b2f816dec6abe
SHA3-384 hash: 1c8724b9c0217fe057c84701eeccf8bc5268dd3dc68bf6d58956a0a227e81a4da41fe9fa893a7084e7819155d5e9e5c9
SHA1 hash: 25eb5c3d109a18af5cc49f236763f1c0d4be4c5b
MD5 hash: 1c7fe0c40395b96a476b09102ba1335f
humanhash: yellow-helium-indigo-cardinal
File name:HEMPEL ITALY SRL QUOTATION REQUEST_xls.ace
Download: download sample
Signature AgentTesla
Create hunting rule
File size:391'353 bytes
First seen:2020-06-11 09:32:04 UTC
Last seen:Never
File type: ace
MIME type:application/x-rar
ssdeep 6144:iVW6XDrbOqN2oW3NOVkgW0l7dKlNw3z2LrqN9sm/JpUJ+1ZhQbqSoH+9T:iVBzmqN2r3N+lUC3a+DJp8+1ZhFe9T
TLSH 8D842390D104A1B3926391D4AD5CA6DFFCBB8DF4F298BFAEAC1C2D171B010653215A7E
Reporter abuse_ch
Tags:ace AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: globe3email.hostcentral.net
Sending IP: 103.53.172.34
From: Hempel (Italy) s.r.l. <sales-it@hempel.com>
Subject: REQUEST FOR QUOTATION/PRICE INQUIRY
Attachment: HEMPEL ITALY SRL QUOTATION REQUEST_xls.ace (contains "HEMPEL ITALY SRL QUOTATION REQUEST_xls.exe")

AgentTesla SMTP exfil server:
mail.greebals.gr:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-11 09:35:55 UTC
AV detection:
27 of 48 (56.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ducat7qzebyfuwzzxdgzta3mhwgvhrd3otjxzxxqfmxyc3pmnk7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

ace 1d0409fe1920705a5b39b8cd99836c3d8d53c47b74d37cdef02b2f816dec6abe

(this sample)

AgentTesla

Executable exe 7bb9f73ae2fe5d1dec17425636ceb65832c41773aee7a741f431597a20926e02

  
Dropping
MD5 ba2301b9c90cd081f8a35b9ac9d0d12b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7bb9f73ae2fe5d1dec17425636ceb65832c41773aee7a741f431597a20926e02

Comments