MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d7531a621828d5dfbd8b9bf338e9d48235095b2ce54d6c5439cae2e9c8558e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4d7531a621828d5dfbd8b9bf338e9d48235095b2ce54d6c5439cae2e9c8558e1
SHA3-384 hash: d9b10fcedd81628a9fe6e78e3b6f3c5c5ec30af9a406faf4a52396042695143e8e182c392c189fc067cb26a3b07e51ec
SHA1 hash: 6c4c186dbc9962540f2678637da7c7fb0ef66702
MD5 hash: 313fd7e7803fc1f50bd18dad64c73c7b
humanhash: tennis-fourteen-texas-zulu
File name:RFQ10954220_pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:683'523 bytes
First seen:2020-07-20 09:03:08 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:QnTFYt+4afS4Qwhq+mcOFdY+Y42e8vSoDJAGT3+c9OZLF8NSUICFRbIbU:ATFsQJhn168KoDJpTvORucefCU
TLSH 7DE423C1434D5B1062F235A292938ECBA5DBDE06FE93CADDA36A2BA410DD425CFD425C
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: newton.britanico.cl
Sending IP: 200.29.19.155
From: ROKONMA (S) PTE <azlina@rokonma.com.my>
Subject: Please send me price list.
Attachment: RFQ10954220_pdf.gz (contains "RFQ10954220_pdf.exe")

AgentTesla SMTP exfil server:
mail.c67976.sgvps.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27383.GZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4d7531a621828d5dfbd8b9bf338e9d48235095b2ce54d6c5439cae2e9c8558e1/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-20 09:05:05 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jv2tdjrbqkgv366yxg7thdu5jarvbfnszzknnrkdtsxc5hefldqq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4d7531a621828d5dfbd8b9bf338e9d48235095b2ce54d6c5439cae2e9c8558e1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 4d7531a621828d5dfbd8b9bf338e9d48235095b2ce54d6c5439cae2e9c8558e1

(this sample)

AgentTesla

Executable exe 3a2818adfe06cbb0c1bd7137fe9e5e01bce05ce4c8e41bae2840e1cc7843fd0c

  
Dropping
MD5 21a5450a6d10d7826dc34b3b09901596
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3a2818adfe06cbb0c1bd7137fe9e5e01bce05ce4c8e41bae2840e1cc7843fd0c

Comments