MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 23a38a2a2493f6316c81237a12dec2d18b497a7d2078db9570a01d6c1c0e8d00. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 23a38a2a2493f6316c81237a12dec2d18b497a7d2078db9570a01d6c1c0e8d00
SHA3-384 hash: b7f2febd56bb20c7ba1c017854f34e4538717f8d88079ad0c06fd50d01cc29d84f3defc0ee7e470189f4d61f619cbc77
SHA1 hash: 2cc1da627c5877532f6df32d226d20b35340214c
MD5 hash: c8a538824dee6543a20189486d334c0e
humanhash: friend-johnny-stairway-emma
File name:PRODUCTS AND SPECIFICATION_PDF.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:631'299 bytes
First seen:2020-07-21 05:55:55 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:twkaR1Sy+L+11yCqtTiP0MtOesX4EowZv2h9dMKQ4CbdqoD76r6tvP:OFmFzhisMMX4UZehg1koDIa
TLSH 37D4337175023A92059A309F066FD04B3725260BF323CB59D3D1EF3ABC1D9B99EB48A5
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 35-168-85-129.plesk.page
Sending IP: 35.168.85.129
From: SAMI F. MATTAR <salma@korritravel.com>
Reply-To: SAMI F. MATTAR <ricknicolas.aol@hotmail.com>, SAMI F. MATTAR <ricknicolas.aol@hotmail.com>
Subject: Request for quotation
Attachment: PRODUCTS AND SPECIFICATION_PDF.gz (contains "gunzipped")

AgentTesla SMTP exfil server:
mail.rcsqatar.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/23a38a2a2493f6316c81237a12dec2d18b497a7d2078db9570a01d6c1c0e8d00/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-21 05:57:08 UTC
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=eoryukresp3dc3eben5bfxwc2gfus6t5eb4nxflquaowyhaoruaa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/23a38a2a2493f6316c81237a12dec2d18b497a7d2078db9570a01d6c1c0e8d00

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 23a38a2a2493f6316c81237a12dec2d18b497a7d2078db9570a01d6c1c0e8d00

(this sample)

AgentTesla

Executable exe 51e26c4bc1483ae84b72d19cdb153b468e928f4da999f25821da2e060fd66a29

  
Dropping
MD5 8132117445af8ddc0a346dcc9749498e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 51e26c4bc1483ae84b72d19cdb153b468e928f4da999f25821da2e060fd66a29

Comments