MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3229140e42d49faa8b1bbc94698a48b57a93fd1958c48922ff82b975a0fffd66. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3229140e42d49faa8b1bbc94698a48b57a93fd1958c48922ff82b975a0fffd66
SHA3-384 hash: 3163963725e0c59873c97ce225b52622fbb4f3c05f72e73d8ea6c90e730fdc5fe2d0103273cc41c00ba1194fb28be60b
SHA1 hash: 7fee34b434b8c9856144b890f8e104e1efb54b72
MD5 hash: 0d0b93aedf7c3fde05ea648b41e9dd74
humanhash: ohio-oranges-edward-lake
File name:Quotation - 13429.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:393'180 bytes
First seen:2020-06-24 05:19:45 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:J/PWfQXXxkQ1Q9OZeJ1L8PzP4NxTHg/m4iiJERM4eTBq8TViiI3tZIPiRSWlxuEk:BPWfQOQu9OZeJ1gPTk5HDXiJESHsiKtO
TLSH 978423CA3578B3F6E3AB8E28734D58808515D01B8C971BF31D979E11AA1E857DBE0C2C
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mta5.lerni88.com
Sending IP: 5.181.157.179
From: sales@terraenergy.com.my
Subject: RE: RFQ 13429 - Request For Quotation
Attachment: Quotation - 13429.gz (contains "Quotation - 13429.exe")

AgentTesla SMTP exfil server:
mail.cablevideoimagen.com.ar:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3229140e42d49faa8b1bbc94698a48b57a93fd1958c48922ff82b975a0fffd66/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-24 05:21:03 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=giuridsc2sp2vcy3xskgtcsiwv5jh7izldcisix7qk4xlih77vta._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 3229140e42d49faa8b1bbc94698a48b57a93fd1958c48922ff82b975a0fffd66

(this sample)

AgentTesla

Executable exe 7eecf1a5e1eb7256ca151e9b7a140bf5cb500ab8a7e67ddbbe66708bf56bba78

  
Dropping
MD5 c45f6fe2842e12d25b49c1a93bd3318f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7eecf1a5e1eb7256ca151e9b7a140bf5cb500ab8a7e67ddbbe66708bf56bba78

Comments