MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55f326e3a067b692321f106f3d9f8aaf728f29e101767166720ef582fe1af73b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: 55f326e3a067b692321f106f3d9f8aaf728f29e101767166720ef582fe1af73b
SHA3-384 hash: 2dcb20c16aeb9b0e38fd12268dd3bfc2ce0d876dd2b75cf6a25b3612713b59aa84a2e348e663dd3c6189d86b577021b7
SHA1 hash: 6ad4e299a94e8e140427e7e73b1886bc651f3a52
MD5 hash: d077bab318e43a974f2bfc8dd3d55e6c
humanhash: magnesium-stream-golf-cat
File name: Request for quotation 200326.img
Signature: AgentTesla
File size: 1'441'792 bytes
First seen: 2020-06-17 10:11:08 UTC
Last seen: 2020-06-17 10:16:06 UTC
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:WzzuaTY9VQH3WBWkIK1Jp6KeSJETZh082S8V:Wzzut9V3BWY1Jcy8ZhR8V
TLSH: 6565020AB79CC711C2744A3AD9D7055443B8BEA23922E71EBFCC336D1B027E7591279A
Reporter: abuse_ch
Tags: AgentTesla img


abuse_ch
Malspam distributing AgentTesla:

HELO: mail.teilam.gr
Sending IP: 195.130.78.204
From: ESMA - Purchase (Orders) <import.orders@esmagroup.com>
Subject: Request for quotation: 200326 RK- PO No- IPO-2020101Dated-16/06/2020
Attachment: Request for quotation 200326.img (contains "Request for quotation 200326.exe")

Intelligence


File Origin
# of uploads: 2
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 55f326e3a067b692321f106f3d9f8aaf728f29e101767166720ef582fe1af73b (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments