MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3eae1c0a553b095e6fba08827af7028f4c8cf96a5dae2e7644813105cdbf714b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3eae1c0a553b095e6fba08827af7028f4c8cf96a5dae2e7644813105cdbf714b
SHA3-384 hash: 588a8570d534f35e0978129fab3bb511b507053d7cd043219479b47c55604fba23f0951aa70b8bc2d6bc529280b358df
SHA1 hash: 7287e60c2ca892a600ab1fc899c9bcbf2387cdd0
MD5 hash: 37835112ee00f75aa818f20715aa924f
humanhash: salami-hotel-wisconsin-river
File name:Li to solicitor-June_2020.pdf.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:422'153 bytes
First seen:2020-06-14 10:25:04 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:ufQXZmV1YXs+uiJuf/343rV+XrRnMrgSe:u440u5X34pGVnmG
TLSH 5F9423784E2CF5F18081C247F78A4B64361DFF6F48762B883A59479C30E90E6919687E
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.notes.bank-of-china.com
Sending IP: 103.99.1.173
From: BANK OF CHINA<Goh_Siewtying@mail.notes.bank-of-china.com>
Subject: RE: Letter of Appointment (June/2020)
Attachment: Li to solicitor-June_2020.pdf.rar (contains "Li to solicitor-June_2020.pdf.exe")

AgentTesla SMTP exfil server:
mail.pro-powersourcing.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2020-06-14 10:27:03 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=h2xbycsvhmev4352bcbhv5ycr5giz6lklwxc45seqeyqltn7offq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 3eae1c0a553b095e6fba08827af7028f4c8cf96a5dae2e7644813105cdbf714b

(this sample)

AgentTesla

Executable exe f82d929adaf2a5512b5f59f45fffca57877a00d2772d4cc92d49e119e6391a0c

  
Dropping
MD5 97207155c5d7db082c556835c29e2ece
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f82d929adaf2a5512b5f59f45fffca57877a00d2772d4cc92d49e119e6391a0c

Comments