MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36e467de97e38469ff1a1d3916cbaee8e2289f7c38ba2c38ce77498737783f94. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 36e467de97e38469ff1a1d3916cbaee8e2289f7c38ba2c38ce77498737783f94
SHA3-384 hash: d6b18ce2d1003ffeed49f9a4c9c5f3594e95ab2da1cb52d1997332aee8e127a0cfb78f6e3da2aa74d08a97041bc95fa6
SHA1 hash: ddefd21000efeb7eb7153d39573c49384a8f6505
MD5 hash: be36124aefa5bec4e3bf46c67b12317f
humanhash: west-harry-salami-moon
File name:Shipping Documents.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:409'556 bytes
First seen:2020-05-25 07:52:18 UTC
Last seen:2020-05-28 19:48:05 UTC
File type: gz
MIME type:application/x-rar
ssdeep 12288:uaajYmpjlsYniH72xbf5xELEm4AokJ9F8ad3:+FEH72bf5OLEXkJ4ad3
TLSH 2294236AEA722AA0A0D98AE948B7BBED78D5645C8458B1CBC5F4D37458371B3C3CCD40
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mstdlrgw.mst-dealer.com
Sending IP: 203.146.21.245
From: Meryem HANINE <csd-a194@mst-dealer.com>
Subject: Re: Shipping Documents / Order 184559 SX
Attachment: Shipping Documents.gz (contains "Shipping Documents.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 05:23:10 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 36e467de97e38469ff1a1d3916cbaee8e2289f7c38ba2c38ce77498737783f94

(this sample)

AgentTesla

Executable exe 166087b5c6159f9d5ec3df7b7359f111692e0b8d93182a633abeee98aab686f0

  
Dropping
MD5 6150fe10a9765f29d145b4f69e26439e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 166087b5c6159f9d5ec3df7b7359f111692e0b8d93182a633abeee98aab686f0

Comments