MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75745408fb363259566b88c0e8e57f51aff5b978841400657d6fd43cf3f9fa17. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 75745408fb363259566b88c0e8e57f51aff5b978841400657d6fd43cf3f9fa17
SHA3-384 hash: 5a9a1d46f6085aee1397d60effa2c98b09115f1c96cf9ec13a76d1f4332af9b6a8b2c6ddbd1a73df676bd74dd8a451af
SHA1 hash: 4759135eb0d127d5a854d1e48b3ad9234200aff0
MD5 hash: 7026b58fbfe0e32bbf1e83f98dfef6bf
humanhash: xray-green-jupiter-butter
File name:RT Materials.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:390'127 bytes
First seen:2020-07-16 08:22:32 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:UP2Lk6oQ/Vx1woDLmsIaG5z5FGbIbyDx3E0Id8sv9r+1I8:Ue46oQpLmPFPGL93P28sv2
TLSH D1842367EBF06FBB433F12E7FBD5AA9504431C92D0AC3D74974081B94A709106E1EAE5
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mata.com
Sending IP: 117.121.213.229
From: Ann -TRIMA <office@trima-plus.com>
Reply-To: office@trima-plus.com
Subject: RFQ: MR#1901421 - RT materials
Attachment: RT Materials.zip (contains "RT Materials.exe")

AgentTesla SMTP exfil server:
smtp.usamilitarydept.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/75745408fb363259566b88c0e8e57f51aff5b978841400657d6fd43cf3f9fa17/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 08:24:09 UTC
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ov2fich3gyzfsvtlrdaorzl7kgx7lolyqqkaazl5n7kdz47z7ilq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 75745408fb363259566b88c0e8e57f51aff5b978841400657d6fd43cf3f9fa17

(this sample)

AgentTesla

Executable exe 3806458ec9917bd25f85bb2d643ad955195640a47f1adf3ec23e9a78473f5aa6

  
Dropping
MD5 e0d7263f8f988b4d1ae902840b3221fa
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3806458ec9917bd25f85bb2d643ad955195640a47f1adf3ec23e9a78473f5aa6

Comments