MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34af3f7fd5a61361b8cd390dfd1e61918971ed57ea7622b07da981d0cef64b70. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 34af3f7fd5a61361b8cd390dfd1e61918971ed57ea7622b07da981d0cef64b70
SHA3-384 hash: 2f17ee6287f53e9f9f6773e5c75457db4f90d316c72ff6d5249f9ae2d17542df288c4a36e93dd1b1d2fd798f8afbfefe
SHA1 hash: 3acefb30a8f03387e5a6223aff9f1fbd339d0ac3
MD5 hash: 3b5f8528cb0501f2ceb13270d3cbb253
humanhash: ten-gee-four-massachusetts
File name:Urgent RFQ.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:370'524 bytes
First seen:2020-06-29 06:22:25 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 6144:LZsCUtIb/hdsL7dknASgTudcu/9ZBDTIEIwb2dDPJpFIDCduJFNYyKsI6C4H+0vL:LZvUtIb/nsLhRYZBXPjaFaxFNYrsKsdL
TLSH B274235CD898AF682011D711095B1CEF8F96FA61D3B388DCA3D792F85FA1503A7B6113
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ombudsman.uz
Sending IP: 37.49.224.109
From: Elena Alvarez <info@ombudsman.uz>
Subject: URGENT RFQ - FOR REGA PROJECT REF :32ED121
Attachment: Urgent RFQ.7z (contains "0ydPIJ2IxDtiAzT.exe")

AgentTesla SMTP exfil server:
smtp.lettu.us:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/34af3f7fd5a61361b8cd390dfd1e61918971ed57ea7622b07da981d0cef64b70/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 06:24:06 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gsxt676vuyjwdognheg72htbsgexd3kx5j3cfmd5vga5btxwjnya._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 34af3f7fd5a61361b8cd390dfd1e61918971ed57ea7622b07da981d0cef64b70

(this sample)

AgentTesla

Executable exe 3eb30019123e98c9b8540929e5d1e1251512539523ae9289aa33d205ef8d8006

  
Dropping
MD5 1cd18b8beb9bee51c454cece212c9d45
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3eb30019123e98c9b8540929e5d1e1251512539523ae9289aa33d205ef8d8006

Comments