MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 513197edad2cf5d74adc85a744d98b327a3db0e619b2e3d3029b7520b66c0c74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 513197edad2cf5d74adc85a744d98b327a3db0e619b2e3d3029b7520b66c0c74
SHA3-384 hash: 9f9c3c9fd603e3959d0f9784dce004d0096ea28f10369d5a0a4ea365cf9ea11acd71175afae17491de2466e944231d3d
SHA1 hash: 625e5a23543824159fcdd6c61fbcdec82088a356
MD5 hash: 18e8b00a4c6dcf1c51f06b819cb123bd
humanhash: river-mockingbird-mike-jupiter
File name:RFQ937745 QUOTATION FROM MCR MARINE CHARTERING .zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'121'606 bytes
First seen:2020-04-30 07:53:26 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:18cJ3f0y0s2boOwHPUpYG/qwNGzdScMPhMy84Vk3uqTH/Ls6DiQwk:1x3fp0sYJwqYG/qwIzdSW8k+qTLMk
TLSH 5635338FA66E5588DEB51374184AEBD287BDBB3706C6F6B88A7CF1727C230744876110
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: smtp.mbmqc8.com
Sending IP: 192.236.154.84
From: MRC MARINE SALES AND SHIP CHARTERING <office@mbmqc8.com>
Reply-To: MRC MARINE SALES AND SHIP CHARTERING <pema.acisciences@gmail.com>
Subject: RFQ_937745 // QUOTATION FROM MCR MARINE CHARTERING
Attachment: RFQ937745 QUOTATION FROM MCR MARINE CHARTERING .zip (contains "RFQ937745 QUOTATION FROM MCR MARINE CHARTERING .exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Script-AutoIt.Trojan.Predator
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 08:36:02 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=keyzp3nnft25osw4qwtujwmlgj5d3mhgdgzohuyctn2sbntmbr2a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 513197edad2cf5d74adc85a744d98b327a3db0e619b2e3d3029b7520b66c0c74

(this sample)

AgentTesla

Executable exe ad791a10ed33af49c6613064847d3d9614db17ad9b91e048c897781450c07ae1

  
Dropping
MD5 f56ae135af33fec66a037061a8530333
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ad791a10ed33af49c6613064847d3d9614db17ad9b91e048c897781450c07ae1

Comments