MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 25109f471d7c9499cf5f04a9744debb091772be2c76e51dc28d90890143138ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 25109f471d7c9499cf5f04a9744debb091772be2c76e51dc28d90890143138ed
SHA3-384 hash: 47e300ebf1125c156a5fa422f704c7f819b5bd2bff5702207c0a035ee481f071e9ed54b15b3c39fc765d2d16a27131bd
SHA1 hash: 5d3330a8b97aaa7c8f7ab2eac83d1099d4bf1067
MD5 hash: 5bf359b12230608b37dd9cb5eb20b7b5
humanhash: maine-hotel-asparagus-network
File name:RFQ-REF_08042019.Z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'094'376 bytes
First seen:2020-07-03 12:36:22 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 24576:sO/X9Pk/zP6FBfd07aSN8rjKKPeieYqcP9tOJNtetn:s8Nq2zfd07JOrj1AswtOn
TLSH DF3533843D1B798FEE5DB0C37517B270F052274100B8B3E21849BE269E76EF1A539E69
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: v242048.serveradd.com
Sending IP: 101.100.242.48
From: admin@housetutor.com.sg
Subject: Request for quotation (RFQ-REF_08042019)
Attachment: RFQ-REF_08042019.Z (contains "RFQ-REF_08042019.exe")

AgentTesla SMTP exfil server:
mail.blessme.website:587

AgentTesla SMTP exfil email address:
abellog@blessme.website

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/25109f471d7c9499cf5f04a9744debb091772be2c76e51dc28d90890143138ed/
Threat name:
Win32.Backdoor.NanoCore
Create hunting rule
Status:
Malicious
First seen:
2020-07-03 12:38:06 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=euij6ry5pskjtt27asuxitplwcixok7cy5xfdxbi3eejafbrhdwq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 25109f471d7c9499cf5f04a9744debb091772be2c76e51dc28d90890143138ed

(this sample)

AgentTesla

Executable exe 42dd002c14d21a1330c2177097116256398071ba2118c22891a070f2a91f393d

  
Dropping
MD5 64142a81ae52f8449177a8ba28e967a7
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 42dd002c14d21a1330c2177097116256398071ba2118c22891a070f2a91f393d

Comments