MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ca635e0a4fc7c78c0d93440e7bc127da4dca9749665a7dca63e4f355cec54b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3ca635e0a4fc7c78c0d93440e7bc127da4dca9749665a7dca63e4f355cec54b5
SHA3-384 hash: 8ac9ffb1a13fcb6a520fac37c88574174ebd55b178d4e17cd6ba044014658b8395c10772e1aa1d7eff1a02f3ec8e5e0f
SHA1 hash: 084298c5380aec95be6389f552768bbcaba2758b
MD5 hash: b511f0175d88f05184637515f9468772
humanhash: beer-happy-crazy-princess
File name:file.cab
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'745'940 bytes
First seen:2020-05-11 14:24:53 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 49152:JovsjWL9Yf3kG/3tQcOzaClXey0mHaDvvKBzh0D/ufmD+h:WkiLKf33mlzaCBey0m6Dvv4t0Lka+h
TLSH BA853372760885B2F83E759B74FC1EFA4ABE3CD097013799CF1B2E890ED5985A8051D8
Reporter abuse_ch
Tags:AgentTesla cab geo GRC


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail4.luconsult.ro
Sending IP: 195.62.95.50
From: ΧΑΤΖΗΠΕΤΡΟΣ ΔΗΜΟΣΘΕΝΗΣ <info@chungdahm.com.ph>
Subject: τιμές και διαθεσιμότητα για την παραγγελία σας 5768
Attachment: file.cab (contains "file.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 10:39:08 UTC
AV detection:
4 of 47 (8.51%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hstdlyfe7r6hrqgzgraoppaspwsnzkluszs2pxfghzhtkxhmks2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 3ca635e0a4fc7c78c0d93440e7bc127da4dca9749665a7dca63e4f355cec54b5

(this sample)

AgentTesla

Executable exe 3ecc7f6abd145158004019c01e8f8f7e56c2bc3d9b4625a3fe2e1eee470a7dd8

  
Dropping
MD5 d4e50296f44f7b50ec38cf1bf5a83e05
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3ecc7f6abd145158004019c01e8f8f7e56c2bc3d9b4625a3fe2e1eee470a7dd8

Comments