MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38f1fc05838ca85a0486fe90c80c1f328c9375e54320ed720c2ef2e182fa16ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: 38f1fc05838ca85a0486fe90c80c1f328c9375e54320ed720c2ef2e182fa16ae
SHA3-384 hash: c73ac177ee7951c0aee1ac9cb08cf5f2f8993296cf3191e6e5d65dc2d6d073f2a1d511add7b94491f182d89f61e439ab
SHA1 hash: d61d4d57c2dd75497619328e57f5e6039413243d
MD5 hash: d385c44c9f6ef8cddee457ed57a33869
humanhash: sodium-angel-kitten-washington
File name: QUOTATION27052020A_NEW_OFFER_SAMPLE_MATERIAL_ELLETRON_Intl.arj
Signature: AgentTesla
File size: 1'417'003 bytes
First seen: 2020-05-27 07:11:46 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 24576:N2ppd7bHR0v38HPywyvAE4LrGDZybsmMCTPvX271tD8irXghB4VfLEtbbf0qLpCu:obHmv3yywyvAFrGDZyrbPvGzDxXghB8q
TLSH: BE6533DB1CC8A40E83993EDA88AE0D93F7563C11394651A8B97F7AC0928E5E5C5FF184
Reporter: abuse_ch
Tags: AgentTesla arj


abuse_ch
Malspam distributing AgentTesla:

HELO: infohelpdesksvc.pw
Sending IP: 173.82.235.143
From: Elaine Tang <info@infohelpdesksvc.pw>
Subject: OFFER AND QUOTATION
Attachment: QUOTATION27052020A_NEW_OFFER_SAMPLE_MATERIAL_ELLETRON_Intl.arj (contains "QUOTATION#27052020A_NEW_OFFER_SAMPLE_MATERIAL_ELLETRON_Intl.exe")

AgentTesla SMTP exfil server:
smtp.csmilferaft.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 09:05:13 UTC
File Type: Binary (Archive)
Extracted files: 50
AV detection: 13 of 29 (44.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
arj 38f1fc05838ca85a0486fe90c80c1f328c9375e54320ed720c2ef2e182fa16ae (this sample)
Dropping AgentTesla
Delivery method: Distributed via e-mail attachment

Comments