MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 733d48c17599f4863f30b2cd72250ba13f28afbf67610a716b05309546f32369. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 733d48c17599f4863f30b2cd72250ba13f28afbf67610a716b05309546f32369
SHA3-384 hash: 3d601c18f4358337bf94d150bbd5a6c427e26bc68e3f27021713cf51341c67b99e880f70ff5812f6c8a9f4df40f27f9c
SHA1 hash: 1f27cce5911677102b3559c0bccec90a22594d69
MD5 hash: dbd04c6eee840523c045729aaf8c84fc
humanhash: happy-mississippi-lion-don
File name: New Order Copy_pdf.gz
Signature: AgentTesla
File size: 485'586 bytes
First seen: 2020-06-10 11:00:31 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:GKqO1xeXhw987xjzJcVN5yregHGkzPw4XlwFNyK5Cqe/in:GKffIx+VN5yrRmkUssN90/in
TLSH: D8A423BEBC06C71AED30C3C8337905B2751AB4A6744A47E2A88A83FCCDAD5948D61D75
Reporter: abuse_ch
Tags: AgentTesla gz

abuse_ch
Malspam distributing AgentTesla:

HELO: apollo.t.mk
Sending IP: 195.26.152.35
From: intsk@t.mk <intsk@t.mk>
Subject: Re: New Order
Attachment: New Order Copy_pdf.gz (contains "Order.exe")

AgentTesla SMTP exfil server:
smtp.gmail.com:587
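The entry above lists the attachment as File type gz but MIME type application/x-rar, and the file name glues a document token (`_pdf`) onto an archive extension while the reporter notes the archive holds "Order.exe". The Python below is an added example, not code from the MalwareBazaar page or from abuse.ch: it triages an attachment by its leading magic bytes instead of its extension, flags the extension/content mismatch and the `_pdf.gz` lure, and computes the hash set the entry lists so a captured file can be compared with the SHA256 shown. The sample bytes are constructed (a RAR4 signature followed by padding) and are not the real sample; the format names, `EXT_CLAIMS`, `LURE_TOKENS` and the `triage_attachment` helper are this example's own assumptions.

```python
"""Added example, not code from the MalwareBazaar page or from abuse.ch.

Triage a mail attachment by its leading magic bytes rather than its
extension, and compute the digests the entry lists so the result can be
compared with a known sample. All sample bytes here are constructed and
are NOT the real sample described on the page.
"""
import hashlib
import os

# SHA256 of the entry on this page, used only for comparison.
ENTRY_SHA256 = "733d48c17599f4863f30b2cd72250ba13f28afbf67610a716b05309546f32369"

# Leading bytes of container formats that commonly carry malspam payloads.
# Both RAR signatures start with "Rar!\x1a\x07"; the RAR5 one is checked first.
MAGIC = [
    (b"Rar!\x1a\x07\x01\x00", "rar5"),
    (b"Rar!\x1a\x07\x00", "rar4"),
    (b"\x1f\x8b", "gzip"),
    (b"PK\x03\x04", "zip"),
    (b"7z\xbc\xaf\x27\x1c", "7z"),
    (b"MZ", "pe"),
]

# Formats each extension claims to contain (names are this example's own).
EXT_CLAIMS = {
    ".gz": {"gzip"}, ".tgz": {"gzip"},
    ".rar": {"rar4", "rar5"},
    ".zip": {"zip"}, ".7z": {"7z"},
    ".exe": {"pe"}, ".scr": {"pe"},
}

# Document-like tokens that lures glue in front of an archive extension ("_pdf.gz").
LURE_TOKENS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "jpeg", "png"}


def detect_format(data: bytes) -> str:
    """Return a format name from the leading magic bytes, or 'unknown'."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def hashes(data: bytes) -> dict:
    """The four digests MalwareBazaar lists for a sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def matches_entry(data: bytes) -> bool:
    """True only if the bytes are exactly the sample this page describes."""
    return hashlib.sha256(data).hexdigest() == ENTRY_SHA256


def triage_attachment(filename: str, data: bytes) -> dict:
    """Detect the real container format and flag the two lures seen in this
    entry: an extension that lies about the content, and a document token
    ("_pdf") placed in front of an archive or executable extension."""
    root, ext = os.path.splitext(filename)
    ext = ext.lower()
    fmt = detect_format(data)
    findings = []

    claimed = EXT_CLAIMS.get(ext)
    if claimed is not None and fmt not in claimed:
        findings.append(f"extension {ext} but content is {fmt}")

    # Last word of the stem, treating "-" and " " like "_": "New Order Copy_pdf" -> "pdf"
    tail = root.lower().replace("-", "_").replace(" ", "_").rsplit("_", 1)[-1]
    if tail in LURE_TOKENS and ext in EXT_CLAIMS:
        findings.append(f"document token '{tail}' in front of {ext}")

    return {"filename": filename, "format": fmt, "known_sample": matches_entry(data),
            "findings": findings, **hashes(data)}


# Constructed stand-in for the attachment: a RAR4 signature plus padding, named
# like the real lure. It is not the page's sample and will not match its hash.
SAMPLE_NAME = "New Order Copy_pdf.gz"
SAMPLE_DATA = b"Rar!\x1a\x07\x00" + b"\x00" * 64

if __name__ == "__main__":
    for key, value in triage_attachment(SAMPLE_NAME, SAMPLE_DATA).items():
        print(f"{key}: {value}")
```

Run against the constructed bytes, `triage_attachment` reports the container as rar4, flags both the `.gz`/RAR mismatch and the `_pdf` token, and `known_sample` is False because only the real file reproduces the listed SHA256. In a mail pipeline the same function would run on the decoded attachment body before any extension-based routing decides whether to open the archive.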

Intelligence

File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-10 11:02:06 UTC
AV detection: 31 of 48 (64.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
gz 733d48c17599f4863f30b2cd72250ba13f28afbf67610a716b05309546f32369 (this sample)

Dropping
AgentTesla

Delivery method
Distributed via e-mail attachment

Comments