MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 32e3b3bcf38d9c142e20872714bf1ab690e39ffd13792154085ecbd9eef286dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 32e3b3bcf38d9c142e20872714bf1ab690e39ffd13792154085ecbd9eef286dd
SHA3-384 hash: 15b2060ef2dcd1cd69025d915b639063a7116853695758e532e9135923cae18ba8eeb560822d41535e5c948dd9acec58
SHA1 hash: 6494d36a979f1dab4a2e9dd6ccda8cfaf7550f8e
MD5 hash: 11870273f40da3af0b0a2a57e156be82
humanhash: cola-oven-autumn-alaska
File name:VGM0001_PDF.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:422'123 bytes
First seen:2020-04-30 07:05:29 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:2mCpeMuUmpbDXMtXNw+Pgxnn32Op8OQ8jeShaw:20BnXMdNw+Pgx32e8xeaw
TLSH 5A942394046CE2B63959E9F735225C99B8C00793DF6B62D831CE74F590A413FE9D50CE
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: PLESK-SSD-sd-64416.dedibox.fr
Sending IP: 62.210.83.146
From: Repon <repon@bkcsweater.com>
Subject: Final Invoice and Packing list of Style MIRI PO:138173 Buyer: Orsay
Attachment: VGM0001_PDF.rar (contains "VGM0001_PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27271.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 20:26:57 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
15 of 31 (48.39%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=glr3hphtrwobilraq4trjpy2w2iohh75cn4scvail3f5t3xsq3oq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 32e3b3bcf38d9c142e20872714bf1ab690e39ffd13792154085ecbd9eef286dd

(this sample)

AgentTesla

Executable exe 421d40b21d1618f9d998f32558b256058f93f6de3d505e6590bd649ab6f1c496

  
Dropping
MD5 16b9bf9f61eda63c7598fe421efc1f8f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 421d40b21d1618f9d998f32558b256058f93f6de3d505e6590bd649ab6f1c496

Comments