MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34bd369a14b5dfc1511e42712a24a4414168a82eabacf4615b53e6f3096fc694. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 34bd369a14b5dfc1511e42712a24a4414168a82eabacf4615b53e6f3096fc694
SHA3-384 hash: aa1cd20b00cd73d2a9577a5b28c40cb01a4c45a518c525367aed2898e5a2d9d510c1c79f5e93178f890de591e560ed19
SHA1 hash: f0e2e5a9fca62b96f1de9e1e01371b269c19fdb9
MD5 hash: 20aff6814a4d85fbd6396d74c31a848a
humanhash: nevada-nebraska-eleven-cold
File name: QT00342020.rar
Signature: AgentTesla
File size: 499'699 bytes
First seen: 2020-07-09 12:14:01 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:rW1tg0dtirjwrZYgH0aEPcEfNQWS332S5owoRMuYdG5xv:8tg0dxrOQPEU9x2S5ohMulPv
TLSH: 32B42326850FDF14FB11900DAA8F4C35695D1CBD378B08899EE3918919ED67FECD22A2
Reporter: abuse_ch
Tags: AgentTesla, rar


abuse_ch
Malspam distributing AgentTesla:

HELO: 142-4-22-49.unifiedlayer.com
Sending IP: 142.4.22.49
From: Alice Zhoubiru <info@snaptv.me>
Subject: RE: Quote - 185 ft
Attachment: QT00342020.rar (contains "QT00342020.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Masslogger
Status: Malicious
First seen: 2020-07-09 12:15:08 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    rar 34bd369a14b5dfc1511e42712a24a4414168a82eabacf4615b53e6f3096fc694 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment
