MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 413925efa210e0bd8c78476aeda49d705609bc49f8413e3bf32c6092c49f7e76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 413925efa210e0bd8c78476aeda49d705609bc49f8413e3bf32c6092c49f7e76
SHA3-384 hash: 2ba18fded7b2263e4d71330946729a9eb82d6593968cad6513300f9e02a166cede4e1476650ed073a2d1764c7e0c9ca9
SHA1 hash: 5c4ac22d52ce64514d16ec075a7e060f06cc2ebb
MD5 hash: 2f1227b600460f9cfc9a763e2a41c7c4
humanhash: high-louisiana-black-low
File name: RFQ P14-1001-P14-1002.gz
Signature: AgentTesla
File size: 542'961 bytes
First seen: 2020-05-05 07:50:06 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:U0HwONSBzTsHH87wkQ9F8hgAC+bKSOql4f8aIAMYdK:U0HwZ1TsHkQ9F8O62AliIL
TLSH: 45B423948D794FFAB4C365A1F1FFC625F066A173D212366E4E4026A3F68D018FBC941A
Reporter: abuse_ch
Tags: AgentTesla gz


abuse_ch
Malspam distributing AgentTesla:

HELO: domain.aurora-israel.co.il
Sending IP: 212.143.61.109
From: ADLI FAHMI <adli@bapatoh.com>
Subject: RFQ P14-1001/1002- BEFORE: 08/05/2020
Attachment: RFQ P14-1001-P14-1002.gz (contains "RFQ P14-1001-P14-1002.exe")

AgentTesla SMTP exfil server:
smtp.fipco-sa.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-05 08:36:13 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 15 of 31 (48.39%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla, gz 413925efa210e0bd8c78476aeda49d705609bc49f8413e3bf32c6092c49f7e76 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments