MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77618336d6985eba54b633df0484434233684b5043204c7935b7a84cff12b21f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 77618336d6985eba54b633df0484434233684b5043204c7935b7a84cff12b21f
SHA3-384 hash: 61aa2f8ef5f12ad3e19bcbb4628508a1a38969d08143cdf57e195325eeac83467052b159f69da14991f6d820cdcc326c
SHA1 hash: b7bfcd6bcc2e8b800743de5cac14b6ca7fde5fb0
MD5 hash: 088e49636035df6f87c2b66330ae8b91
humanhash: arkansas-mobile-black-chicken
File name: Request for quotation Order no 77923148.img
Signature: AgentTesla
File size: 1'245'184 bytes
First seen: 2020-06-18 06:21:34 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:ac6eTRMStTO1kCz+iRzT+Zg3+j4xo60BxblUbTRZfuC9q:J6KltC9z+yzqZc7xElUbJ9
TLSH: 2E450105B74C970AC128577AC5D6556003B4BA873662E72E3FCC32AE1B637E34907A9F
Reporter: abuse_ch
Tags: ABB AgentTesla img


abuse_ch
Malspam distributing AgentTesla:

HELO: 162-241-215-93.unifiedlayer.com
Sending IP: 162.241.215.93
From: Chen Liang <chenliang@new.abb.com>
Reply-To: Chen Liang <chenliang@new.abb.com>
Subject: [ABB (Hongkong) Ltd] - Request for quotation, Order no: 77923148
Attachment: Request for quotation Order no 77923148.img (contains "Request for quotation Order no 77923148.exe")

AgentTesla SMTP exfil server:
mail.inventweld.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-18 06:23:09 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 77618336d6985eba54b633df0484434233684b5043204c7935b7a84cff12b21f (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
