MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76b5306c37be5fd132bdc77043b08f02df0296ad40a9c5fedc969334295072cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 76b5306c37be5fd132bdc77043b08f02df0296ad40a9c5fedc969334295072cb
SHA3-384 hash: 3f7350121b5199b67381a9fca24a624503331b1e482c59e58cbc5ceff106604df10c80fdffd78eec08c5f17844e794f7
SHA1 hash: 3416384160ab079226778db1fc554746e36ad427
MD5 hash: 8d7b27f1ea7f87632a5e5e53bb041b98
humanhash: neptune-fish-don-crazy
File name:ENQUIRY.uue
Download: download sample
Signature AgentTesla
Create hunting rule
File size:354'156 bytes
First seen:2020-06-21 15:17:07 UTC
Last seen:Never
File type: uue
MIME type:application/x-rar
ssdeep 6144:SgETAUD+NzoB+PMJs8nrcb4skskfm8vleU8Vfj3dJE8MNJuFZaaOuhaEzJElYTP0:SgETA5zMFJ/rcHkxPvleU8VH16JkZaau
TLSH 7A74234A878321AA0CCFF3386E3DDE4A593737A5A0DE192F471616CB407C63B65D7226
Reporter abuse_ch
Tags:AgentTesla uue Yahoo


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sonic308-56.consmr.mail.ne1.yahoo.com
Sending IP: 66.163.187.31
From: sales <christinabrown26@yahoo.com>
Reply-To: sales <christinabrown26@yahoo.com>
Subject: Fw: ORDER ENQUIRY URGENT
Attachment: ENQUIRY.uue (contains "ENQUIRY.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-21 15:19:03 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=o22ta3bxxzp5cmv5y5yehmepalpqffvnicu4l7w4s2jtikkqolfq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

uue 76b5306c37be5fd132bdc77043b08f02df0296ad40a9c5fedc969334295072cb

(this sample)

AgentTesla

Executable exe 8530f6bfb49c1d09d86b0e8753688e8fe76da2f8fc92410b366763fe1fb285fe

  
Dropping
MD5 9737be36fb04ab7911216856767e6717
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8530f6bfb49c1d09d86b0e8753688e8fe76da2f8fc92410b366763fe1fb285fe

Comments