MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3651b52b59ebd354bbcc6cfb6ed0803a20e74b2f061a416390e1e197fa59125e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3651b52b59ebd354bbcc6cfb6ed0803a20e74b2f061a416390e1e197fa59125e
SHA3-384 hash: 6369d8904f5b3697ce15c14a2004f6172cceaff89515fd693926ebd810bd4b0ce82ebd60517a92644864a18858bd6490
SHA1 hash: e59f4cbb56dbc2ddb9f9a97773ada9c98e425a8a
MD5 hash: fd8ee74a74f01ea786a6ba54ae012c53
humanhash: social-two-nitrogen-uranus
File name:PO-SER-PL-M17220.pdf_________.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:550'504 bytes
First seen:2020-08-18 11:02:42 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:zyznhEBi+VqzpYkx8EnzS65D28C/XYC7uF+3/SyPjL:zInW9Vq2E8B6wDoC7uYvD/
TLSH 42C423A60D41A2863CE06E12E72DC35BD557C7C0E05C207CAF117BA0BED925CDA629FC
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: swn0.703.zazomika.ml
Sending IP: 104.248.19.105
From: Karim Mounir <arolab@703.zazomika.ml>
Subject: Attached PO-SER-PL-M172/20
Attachment: PO-SER-PL-M17220.pdf_________.gz (contains "PO-SER-PL-M17220.pdf_________.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
52
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3651b52b59ebd354bbcc6cfb6ed0803a20e74b2f061a416390e1e197fa59125e/
Threat name:
ByteCode-MSIL.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 21:17:14 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gzi3kk2z5pjvjo6mnt5w5ueahiqooszpaynecy4q4hqzp6szcjpa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 3651b52b59ebd354bbcc6cfb6ed0803a20e74b2f061a416390e1e197fa59125e

(this sample)

AgentTesla

Executable exe bcfc9876088f51e804d9f3c648263e1ddf64364e880eb15822fea189ba831238

  
Dropping
MD5 290095e55dfad73c3bd5f1f7d5da1596
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bcfc9876088f51e804d9f3c648263e1ddf64364e880eb15822fea189ba831238

Comments