MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 564f850ec4a1f21512b9e5fda8c2da898de23ca0c6be776138acc71a1a297cf4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 564f850ec4a1f21512b9e5fda8c2da898de23ca0c6be776138acc71a1a297cf4
SHA3-384 hash: 015a83c8a8be27da24994cc5002d52b95471e9e23ad6fdf429b995a7a4bd2bf1e1fbcc08dac5e78edc5f5b9dbdbd3ccf
SHA1 hash: 0a6e214f23bc4e28cf9bdb64372724a5a3c019fe
MD5 hash: 24aa6198e0e44cbb6509b2f985353053
humanhash: bacon-mike-nitrogen-west
File name:FASK Kuwait Co Supply Tender RFQ 002022020.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:568'802 bytes
First seen:2020-08-16 13:55:47 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:SzVK0WQKOgdNG/x9yN4t1D02JRG3zyl8z9bBZwP6AvxXoxn8:SzT0xW9p1D3jGDA8zuPpvRoN8
TLSH 9CC4335C94D5640EC852898F3831ACFEA984D316CD33A3AFDD464173C2E467C9EBE8A5
Reporter abuse_ch
Tags:AgentTesla r00


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: vm86.entorno.es
Sending IP: 195.162.18.227
From: Surya Narayana <surya.narayana@faskkuwait.com>
Subject: RE: SUPPLY TENDER NO 4589070: RFQ 002022020 FOR Fask Kuwait Gen. Trad & Contracting Co.
Attachment: FASK Kuwait Co Supply Tender RFQ 002022020.r00 (contains "BOQ Quotaion Request Data Sheet Requirement No 0020022020.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/564f850ec4a1f21512b9e5fda8c2da898de23ca0c6be776138acc71a1a297cf4/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kzhykdweuhzbkevz4x62rqw2rgg6epfay27hoyjyvtdrugrjpt2a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/564f850ec4a1f21512b9e5fda8c2da898de23ca0c6be776138acc71a1a297cf4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 564f850ec4a1f21512b9e5fda8c2da898de23ca0c6be776138acc71a1a297cf4

(this sample)

AgentTesla

Executable exe e593655b5dafbbb4d5a991689b883d1304c8b653a714ec724d31c08ed37f13d5

  
Dropping
MD5 52e11728259ce9ed9db193fcbb65cbc9
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e593655b5dafbbb4d5a991689b883d1304c8b653a714ec724d31c08ed37f13d5

Comments