MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 667021cadbbcfc3ec7560c3b33def454ebc31eb9d39bdb3865254169b1136193. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 667021cadbbcfc3ec7560c3b33def454ebc31eb9d39bdb3865254169b1136193
SHA3-384 hash: b5cb63760c201d9a68fa8f6fa3cb6f3f6bcf7be9b16ea90e19871dff47fac20e7dc09886a3b7fe8edaea4412ce97e0a5
SHA1 hash: a2beaad3b12f428deecd57990f9a9b8a31f883b5
MD5 hash: e235c92d2af4a369f3cdc147cb82aeab
humanhash: hamper-venus-ceiling-east
File name:RF-QUOTE.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:386'563 bytes
First seen:2020-05-13 06:07:15 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 6144:dHGKAKotbQULqNKD2zwCylufBnalXoV1RnFYcPIWR0c1oHSikGaKMwfta1gbTiDK:cKAltbQ7NKDeUoZnzjrPITcekGawtagh
TLSH D9842374CE5820AA681E2276D345BE9F1E0D49CC06B0154DA2174264673FCBDC3FEABE
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mec.com.jo
Sending IP: 198.23.210.131
From: Mohammed A Sayeed <mayyadah@mec.com.jo>
Subject: URGENT RFQ- GACA 2020 PROJECT REF: 2211342
Attachment: RF-QUOTE.7z (contains "ypLcWMbNO9Ze8R2.exe")

AgentTesla SMTP exfil server:
smtp.lettu.us:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 20:41:00 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
20 of 31 (64.52%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mzycdsw3xt6d5r2wbq5thxxuktv4ghvz2on5wodfevawtmitmgjq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 667021cadbbcfc3ec7560c3b33def454ebc31eb9d39bdb3865254169b1136193

(this sample)

AgentTesla

Executable exe 841bfc719b8575e011ad1be4ba2a9295bf5252c357d4de52eb8776eb0a803049

  
Dropping
MD5 56e009aacd667b29c8b9229ded2ac7dc
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 841bfc719b8575e011ad1be4ba2a9295bf5252c357d4de52eb8776eb0a803049

Comments