MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3dc3079b456272c480b3605f2dc3b6b12a4eb015fb35d06e739d24bcfcbb837a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3dc3079b456272c480b3605f2dc3b6b12a4eb015fb35d06e739d24bcfcbb837a
SHA3-384 hash: ae228a914c400c044598dfa38a6f84ec0168129d3672ae0ed425f456cefabcc83d2cafed06634c897620fdd02031622e
SHA1 hash: 427669b03c96c36eb4d1b59ae4c69f552f510f97
MD5 hash: f042e35cb89b375923e854ab248403b2
humanhash: whiskey-uncle-pluto-six
File name:detalii_bancae_29031178.doc.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:269'566 bytes
First seen:2020-05-19 14:30:02 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 6144:8yZBRmUVwO367ULCRV/EY1e0NXtTggdHZDmL6VE7oiPFP23y:FH0b067U+PEwfVhgMHZ/e7ooP2y
TLSH E244236804E366FBCB6AB03E97728385DA87915775C14F0E60097633B85AC53930FEAD
Reporter abuse_ch
Tags:7z AgentTesla geo ROU


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: plesk2.enpatagonia.net
Sending IP: 207.38.89.37
From: Departamentul de estimare <accdept@gmail.com>
Subject: Informații de plată greșite
Attachment: detalii_bancae_29031178.doc.7z (contains "detalii_bancae_29031178.doc.exe")

AgentTesla FTP exfil server:
ftp.pan-door.gr:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27215.RarHeur.nocdb.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 14:37:00 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hxbqpg2fmjzmjaftmbps3q5wweve5mav7m25a3tttuslz7f3qn5a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 3dc3079b456272c480b3605f2dc3b6b12a4eb015fb35d06e739d24bcfcbb837a

(this sample)

AgentTesla

Executable exe 4891ec1fb0814af4400e57d859557c72d0f0d3a3ccbdd4dc49b665697abb9a8d

  
Dropping
MD5 e1ed47e507d771902a0cee76c0e04086
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4891ec1fb0814af4400e57d859557c72d0f0d3a3ccbdd4dc49b665697abb9a8d

Comments