MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33facc6ea403790650c74ce71c2440b91909aad3c0f4431d7eca9194cc82a86f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 33facc6ea403790650c74ce71c2440b91909aad3c0f4431d7eca9194cc82a86f
SHA3-384 hash: 6052faa765342c329d1c90aaecfac5a07716192565b00514ca5be8fa3a3e62cc703fb64f97443c63724fe83526de975f
SHA1 hash: c8ca2aacc6883cb2668d95f3e01aab8b6cc3fe1e
MD5 hash: 32cfa9043684bc60058d8c92b33bf945
humanhash: princess-yellow-alaska-east
File name:Purchase Order No. 00003270.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:979'724 bytes
First seen:2020-06-01 08:35:10 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:QpV4ufIZqTbdKkdBdTCYfDM4Z/HqJBEn/Oa9b8aLyM95UCYVUpWGwTiBv1v/zzdw:/uKqTjCOhZPLL9VWRmdvLzgsU
TLSH BE2523BE91FF76D55A3706C08112401ABDD2C8362EB7F628111D8F982467B2EB69C37D
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: temoc.co.mz
Sending IP: 185.222.58.152
From: "Peter Mahlangu" <ivo@temoc.co.mz>
Subject: FWD:Purchase Order No.: 00003270
Attachment: Purchase Order No. 00003270.rar (contains "Purchase Order No. 00003270.exe")

AgentTesla SMTP exfil server:
mail.pruthiexports.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 09:35:21 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gp5my3vean4qmughjttryjcaxemqtkwtyd2eghl6zkizjtecvbxq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 33facc6ea403790650c74ce71c2440b91909aad3c0f4431d7eca9194cc82a86f

(this sample)

AgentTesla

Executable exe 16feb553a10af8457978637a56cd7066e78ff58446ef94afb3b52ce89dcd021d

  
Dropping
MD5 ebdefe54e5c05ffc22894c15ae9b81ec
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 16feb553a10af8457978637a56cd7066e78ff58446ef94afb3b52ce89dcd021d

Comments