MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d32807c973d629ca652f791cf01d802eca58b099fde691b4b33c7ae98cb7fb0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2d32807c973d629ca652f791cf01d802eca58b099fde691b4b33c7ae98cb7fb0
SHA3-384 hash: 1bdfba4157a3896de5f99a23f29132ce0c64871ff878a6c8993e902efc4a078c7fa88a41caf47ed9c7ad2d8356af515b
SHA1 hash: 79cf6975c17ac2cc1490040fb7a3a8ce58a05d82
MD5 hash: b84bd1b1eef8b374710175d71318f612
humanhash: quiet-massachusetts-wisconsin-mississippi
File name:Purchase Order.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:728'111 bytes
First seen:2020-06-19 16:45:13 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:voxfcfRLDuvArqbZ6Ot7qO44uTX4AgUr45+LE9/YXH6fGXSya+hcN:Gcf9Cv6qV6O7r6XPPr45+eLfGXSyaAE
TLSH 84F4231C782C7865B7F1281C677BCD53059E8BBBBC010411ABD3BD358439A7EA634AD9
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: clunegc.com
Sending IP: 104.37.172.226
From: DELTA GOLD JEWELLERY L.L.C<jclune@clunegc.com >
Subject: PI
Attachment: Purchase Order.rar (contains "Order.exe")

AgentTesla SMTP exfil server:
smtp.megaworldcorps.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-19 17:35:46 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fuzia7exhvrjzjss66i46aoyalwklcyjt7pgsg2lgpd25gglp6ya._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 2d32807c973d629ca652f791cf01d802eca58b099fde691b4b33c7ae98cb7fb0

(this sample)

AgentTesla

Executable exe 2c1988b65fec7b60932b4ecdd808c99f026ef9e6e97244b56ebbe629a22c1e4d

  
Dropping
MD5 857b36a2bf6985204266d05d96541240
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2c1988b65fec7b60932b4ecdd808c99f026ef9e6e97244b56ebbe629a22c1e4d

Comments