MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3de0d0bd30378e7cb766acb922d5301f70f0b1decb179a615dd0b2122e9c30cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 3de0d0bd30378e7cb766acb922d5301f70f0b1decb179a615dd0b2122e9c30cf
SHA3-384 hash: d427659cfb414724060f0e801cbf391ac611236d8d02bb3944fd053ad767e4eefc349ca65f2c01f20a6e7272eeb07f96
SHA1 hash: 4595972a500852eb05a70c6a49235f9e3e1df2e7
MD5 hash: 7c6173e0d05074baaac91acbbe1f5e5a
humanhash: finch-burger-six-hydrogen
File name: PO374784_2020-05-14_02-36.zip
Signature: AgentTesla
File size: 230'462 bytes
First seen: 2020-05-14 06:01:13 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:3QHV2OrLLxARNmLj57MSg/fYfTTJKz1pH/XAusik:3WV5r/1SSg/QfRovXXsV
TLSH: 9234233285232DABBCC9215A038346C5D6BB302C4F4E5796F56724A80DB677FE106FB8
Reporter: abuse_ch
Tags: AgentTesla zip

abuse_ch
Malspam distributing AgentTesla:

HELO: mail0.102.gizmodo.casa
Sending IP: 142.93.218.6
From: Sabrina Yong <intern_engg@eternalexposure.com.my>
Subject: RFQ For Supply of Container 2x40ft_0320--
Attachment: PO374784_2020-05-14_02-36.zip (contains "PO374784_2020-05-14_02-36.exe")

AgentTesla SMTP exfil server:
mail.spamora.net:587
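The following is an added triage example, not part of this MalwareBazaar entry and not abuse.ch's own tooling. It turns the indicators above into checks a mail gateway or analyst script can run offline: it hashes each attachment with the same digests the entry lists, compares them with the entry's SHA256/MD5, looks inside zip attachments for executable members (the entry attests only the .exe; the other extensions in EXECUTABLE_EXTENSIONS are an assumed analyst list), matches the HELO name, sending IP and From address from the comment, and separately scans connection log lines for the mail.spamora.net:587 exfil server. The test message, its zip and the log lines are constructed here, so the synthetic zip's hashes will not match the entry; all function names are hypothetical.

```python
import email
import email.policy
import hashlib
import io
import zipfile
from email.message import EmailMessage

# Indicators copied from the MalwareBazaar entry and the abuse_ch comment above.
SAMPLE_SHA256 = "3de0d0bd30378e7cb766acb922d5301f70f0b1decb179a615dd0b2122e9c30cf"
SAMPLE_MD5 = "7c6173e0d05074baaac91acbbe1f5e5a"
HELO_NAME = "mail0.102.gizmodo.casa"
SENDING_IP = "142.93.218.6"
FROM_ADDRESS = "intern_engg@eternalexposure.com.my"
EXFIL_HOST = "mail.spamora.net"
EXFIL_PORT = "587"

# Assumption: extensions worth flagging inside an archive. Only .exe is
# attested by the entry; the rest are a common analyst list, not page data.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def hash_bytes(data: bytes) -> dict:
    """Compute the same digests MalwareBazaar lists for a sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def zip_executable_members(data: bytes) -> list:
    """List archive members with an executable extension; [] if not a zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return []
    return [n for n in names if n.lower().endswith(EXECUTABLE_EXTENSIONS)]


def triage_message(raw: bytes) -> dict:
    """Match a raw RFC 5322 message against the sender IOCs, hashes and zip contents."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    received = " ".join(str(h) for h in msg.get_all("Received", []))
    sender_iocs = []
    if HELO_NAME in received:
        sender_iocs.append("helo")
    if SENDING_IP in received:
        sender_iocs.append("sending_ip")
    if FROM_ADDRESS in str(msg.get("From", "")):
        sender_iocs.append("from")

    attachments = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True)
        if not data:
            continue
        digests = hash_bytes(data)
        attachments.append({
            "filename": part.get_filename(),
            "sha256": digests["sha256"],
            # Exact-hash match against the entry; a repacked zip will not match.
            "known_sample": digests["sha256"] == SAMPLE_SHA256
            or digests["md5"] == SAMPLE_MD5,
            "executables_in_zip": zip_executable_members(data),
        })

    suspicious = bool(sender_iocs) or any(
        a["known_sample"] or a["executables_in_zip"] for a in attachments
    )
    return {"sender_iocs": sender_iocs, "attachments": attachments,
            "verdict": "suspicious" if suspicious else "clean"}


def exfil_hits(log_lines: list) -> list:
    """Return log lines showing a connection to the entry's SMTP exfil server."""
    return [line for line in log_lines if EXFIL_HOST in line and EXFIL_PORT in line]


def build_sample_eml() -> bytes:
    """Constructed message mimicking the malspam in the comment (not a real capture).
    The zip member is a placeholder, so its hashes will not match the entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("PO374784_2020-05-14_02-36.exe", b"MZ placeholder, not the real sample")
    msg = EmailMessage()
    msg["Received"] = "from mail0.102.gizmodo.casa ([142.93.218.6]) by mx.example.invalid"
    msg["From"] = "Sabrina Yong <intern_engg@eternalexposure.com.my>"
    msg["To"] = "procurement@example.invalid"
    msg["Subject"] = "RFQ For Supply of Container 2x40ft_0320--"
    msg.set_content("Please find the attached PO.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="PO374784_2020-05-14_02-36.zip")
    return msg.as_bytes()


# Constructed connection log lines, not from the entry.
SAMPLE_LOG = [
    "2020-05-14T06:10:02Z host01 conn dst=mail.spamora.net dport=587 proto=tcp",
    "2020-05-14T06:10:05Z host01 conn dst=smtp.example.invalid dport=587 proto=tcp",
]

if __name__ == "__main__":
    print(triage_message(build_sample_eml()))
    print(exfil_hits(SAMPLE_LOG))
```

The hash comparison is deliberately exact: any re-archiving of the attachment changes the zip's SHA256, which is why the example also applies the structural check (executable inside a zip) and the sender indicators rather than relying on the hash alone.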

Intelligence

File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Frs
Status: Malicious
First seen: 2020-05-14 07:16:07 UTC
File Type: Binary (Archive)
Extracted files: 18
AV detection: 19 of 31 (61.29%)
Threat level: 2/5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    zip 3de0d0bd30378e7cb766acb922d5301f70f0b1decb179a615dd0b2122e9c30cf (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment
