MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7355ad4f861d30df14317cf74f40cf9ade20576e560bec112688d17ea05168f8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7355ad4f861d30df14317cf74f40cf9ade20576e560bec112688d17ea05168f8
SHA3-384 hash: 5d1714440da21820ec557ab51d203634b85c2d352dbe464cebe64a7ced87b52df7b31e14d3b77202f8733ecc70d661ab
SHA1 hash: 82aa8dfc577d5c2ed993ee5ab1858694dbc733a4
MD5 hash: 8ac95d21efbb0183bb6735fdf32eec57
humanhash: pizza-white-island-hydrogen
File name:QUOTATION--------TWS ANNA.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:286'737 bytes
First seen:2020-06-08 07:19:58 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:ug8dTkI3t3V51j4LRyFDQ5r7xrr55tRvoy7kBp0Eryl3P7wRZQ:P8dTDNIGDm59bRvT4ylj0O
TLSH 34542304B424D662C981F64C6D09BE608DE57CF6BDA24B599803FD5BFC22CC892B7E25
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail0.561.zizospanltd.casa
Sending IP: 134.209.145.216
From: Anna Wang <info@561.zizospanltd.casa>
Subject: FWD: QUOTATION--------TWS ANNA
Attachment: QUOTATION--------TWS ANNA.gz (contains "gunzipped")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 07:21:06 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=onk22t4gduyn6fbrpt3u6qgptlpcav3okyf6yejgrdix5icrnd4a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 7355ad4f861d30df14317cf74f40cf9ade20576e560bec112688d17ea05168f8

(this sample)

AgentTesla

Executable exe a85880ca7ce394362c81b3fdbc1650de0ccbfb0eaf0e95038344caa309c332c9

  
Dropping
MD5 f0cd9428990d4666752e5d023d9a87fb
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a85880ca7ce394362c81b3fdbc1650de0ccbfb0eaf0e95038344caa309c332c9

Comments