MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38346a955530648c8e6981b178f821dd619431645c826d0010db64ff6be54146. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 38346a955530648c8e6981b178f821dd619431645c826d0010db64ff6be54146
SHA3-384 hash: 16db01eb47dcd947af574d94064ac8a5f5a74232c58b99f77026d42ec773b479e51e80fab8b044247dcd6673c1d4ef4d
SHA1 hash: 453f7efdd5328827d14566344e1b812a7cafad2b
MD5 hash: 366817870090d3293089961b0d5783c7
humanhash: low-papa-beer-tango
File name: RFQ ENQ-0292020 R1.ace
Signature: AgentTesla
File size: 1'222'681 bytes
First seen: 2020-06-29 11:54:40 UTC
Last seen: Never
File type: ace
MIME type: application/x-rar
ssdeep: 24576:eJgIjww3tlEaSaUaAJhhNmNgdeBfE7zOzPmw8hK1oK/o0C8N:ggqwWtKavKgEfOzPmNUnPC8N
TLSH: 374533FD07CEA797B3EE68C2299C6C67F928976D790DD55A90F70FAA48103F04836940
Reporter: abuse_ch
Tags: ace AgentTesla


abuse_ch
Malspam distributing AgentTesla:

From: Taushif kapadia <taushif@arabian-industries.net>
Subject: RE: RFI - Enquiry - ENQ-029/2020 R1 - Arabian Industries LLC - COB 29-06-2020
Attachment: RFQ ENQ-0292020 R1.ace (contains "RFQ# ENQ-0292020 R1.exe")

AgentTesla SMTP exfil server:
mail.enmark.com.my:587

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Zusy
Status: Malicious
First seen: 2020-06-29 11:56:06 UTC
AV detection: 7 of 48 (14.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  AgentTesla
    ace 38346a955530648c8e6981b178f821dd619431645c826d0010db64ff6be54146 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments