MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76dc4791a08b5808343ffb6b7798aebdfe4daf0140242c31716ceffde36737de. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4


SHA256 hash: 76dc4791a08b5808343ffb6b7798aebdfe4daf0140242c31716ceffde36737de
SHA3-384 hash: daaf6c20df44e798a54354801e2c454593387edf93ba4c1eff0c2f4fc555353bf4e26e09d920e6311172d99bec042e11
SHA1 hash: 70dfa34691d876ed7a31457c515ea93445d309bc
MD5 hash: 3bed63a3f6744af6e139f84b0f2646b5
humanhash: april-island-indigo-illinois
File name: Order 88633.xz
Signature: AgentTesla
File size: 398'548 bytes
First seen: 2020-07-28 14:19:18 UTC
Last seen: Never
File type: xz
MIME type: application/x-rar
ssdeep: 6144:xqiS6NaIWWLs59cgJ+ash0olZODgZb4EhBtuSeJMFzEv4n0Ll9w+ydeap2WkOVql:d4H0iO00Q8b44p640LXqktxH
TLSH: DC842369E4861FB2321DC90FFBA400C4C54F619237BD8DE78E4967097B5EFB90912E46
Reporter: abuse_ch
Tags: AgentTesla xz


abuse_ch
Malspam distributing AgentTesla:

HELO: blinux.thesecurededicatedserver.com
Sending IP: 198.52.104.94
From: Purchase Department <sale@quicknet.me>
Reply-To: Purchase Department <sale@quicknet.me>, Purchase Department <sale@quicknet.me>
Subject: INQUIRY/OFFER
Attachment: Order 88633.xz (contains "Order 88633.exe")

AgentTesla SMTP exfil server:
mail.bulletlogistics.in:26

AgentTesla SMTP exfil email address:
bangalorenarasapura@bulletlogistics.in

Intelligence

File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Backdoor.NanoCore
Status: Malicious
First seen: 2020-07-28 14:21:05 UTC
AV detection: 26 of 48 (54.17%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
    AgentTesla
        xz 76dc4791a08b5808343ffb6b7798aebdfe4daf0140242c31716ceffde36737de (this sample)
            Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments