MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 248461b4b7e4e07e8d5d2c565f509fd2fe333c385f46d6b916e6d083847f3ac1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3

SHA256 hash: 248461b4b7e4e07e8d5d2c565f509fd2fe333c385f46d6b916e6d083847f3ac1
SHA3-384 hash: 551803228688e585630048df70485706490b53a062a7e4fce6f091642538c73516576275c12588d9964cab943c2203e5
SHA1 hash: 1e93c874d7c61a7bb36aee5ec9a2c04d53705c81
MD5 hash: 5073e53e7c30a613f8b142daa3395230
humanhash: red-uranus-salami-oklahoma
File name: CAI-U6607668LUFQL.gz
Signature: AgentTesla
File size: 657'509 bytes
First seen: 2020-06-05 06:07:12 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:dP+0cJMOEhX5XKJrw/X68G0S3edj8CKG9mCcvZDPkmts9Gr8IGtoFr+UrmAsz:83JrmX5XKWP69VU8I9HkVP5s949woJna
TLSH: D2E423580AD96A5B15495D3F38BCF3FD281BB0C0FFD6C814EBEA4C873192BAD9452225
Reporter: abuse_ch
Tags: AgentTesla gz


abuse_ch
Malspam distributing AgentTesla:

From: JITEEN NAIR <cre-dcrc-b052@mst-dealer.com>
Subject: Re: invoice For shipment
Attachment: CAI-U6607668LUFQL.gz (contains "CAI-U6607668LUFQL.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-05 03:44:51 UTC
AV detection: 16 of 31 (51.61%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Distribution: Malspam
Malware family: AgentTesla
Sample: gz 248461b4b7e4e07e8d5d2c565f509fd2fe333c385f46d6b916e6d083847f3ac1 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments