MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b1a4c590895916076d4a925c31434762e3f5f6a1a2dc7225418d31aee147363. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7b1a4c590895916076d4a925c31434762e3f5f6a1a2dc7225418d31aee147363
SHA3-384 hash: 943bd651d1f6dde4ac05c0eb0c4b470c24a5edb062c205f844d177adf3730f750d47a742b02b1f5ec5d689d859246602
SHA1 hash: f49bd5cb8ca911ba4f378e292a36fe1caf7df05e
MD5 hash: e0ddf8b59e56331f0d035884681306bc
humanhash: blue-robin-winner-kansas
File name:Kestrel GTCC Pvt Ltd RFQ_xls.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:348'165 bytes
First seen:2020-07-16 08:06:25 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 6144:442Eln/JC0jd5ya08VERySdx9K+s8UGpRlQekMZ8MLSfrPaC/fo4K1Cw:441hC0jm8VIndGlj5MenfeCXnw
TLSH F8742394748339AC1B9D03E6E133B6EC88E53D8C846E456103B82CECBD5D5AA5DDE0CE
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gtslogistics.org
Sending IP: 72.18.130.157
From: Kestrel GTCC (Pvt.) Ltd. <abidraza@kestrel.com.pk>
Subject: KESTRE GTCC (Pvt.) Ltd. Request For Quotation
Attachment: Kestrel GTCC Pvt Ltd RFQ_xls.z (contains "Kestrel GTCC Pvt Ltd RFQ_xls.exe")

AgentTesla SMTP exfil server:
mail.tlshellfish.uk:587

AgentTesla SMTP exfil email address:
ricemagic290@gmail.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7b1a4c590895916076d4a925c31434762e3f5f6a1a2dc7225418d31aee147363/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 07:56:05 UTC
AV detection:
27 of 48 (56.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pmneywiiswiwa5wuves4gfbuoyxd6x3kdiw4oisuddjrv3quonrq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 7b1a4c590895916076d4a925c31434762e3f5f6a1a2dc7225418d31aee147363

(this sample)

AgentTesla

Executable exe 662fef8b4f1d3b467039e66b6c6c415583bca1cb49adf66dbf900d4c48f35db1

  
Dropping
MD5 90056f0f953f5973c5a29bc050fd1fce
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 662fef8b4f1d3b467039e66b6c6c415583bca1cb49adf66dbf900d4c48f35db1

Comments