MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 87ed9552057ee17f8cc914ddf5dbc4ddf1a82fbd74dcd9330a26aa04f41d1e9d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 87ed9552057ee17f8cc914ddf5dbc4ddf1a82fbd74dcd9330a26aa04f41d1e9d
SHA3-384 hash: 9742c0fad8f8a1da190914efbe404fe3f653283d77f617ea3061f19f23fb6f0c55d8328191c51cdc7a0f9c8ce08ff6e7
SHA1 hash: 6103ee5bf4057f642507a851d58c1712d84473d2
MD5 hash: ca9e3d15bbe9f9eb564f330e60e3fd2e
humanhash: fix-robin-michigan-uranus
File name:Urgent Items for Quote.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:867'161 bytes
First seen:2020-06-09 06:45:39 UTC
Last seen:2020-06-10 07:42:52 UTC
File type: rar
MIME type:application/x-rar
ssdeep 24576:lji5BEC/b5IJlqlt1KKXp2/48JHuCtr9zzgb/ICmnb/:ljAn5IJ4ltN5D882r5Mbglb/
TLSH DC0533033EAC2261B3E0FCB14A5D9B778B488B76F0BEAD159445C114F570E99CA8F1B6
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: [216.170.119.20]
Sending IP: 216.170.119.20
From: Kee Pulchar<puchase@gki.com>
Subject: Urgent Items Description for Quote
Attachment: Urgent Items for Quote.rar (contains "Urgent Items Description for Quote.exe")

AgentTesla SMTP exfil server:
smtp.sarniotex.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Predator
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 06:47:04 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=q7wzkuqfp3qx7dgjcto7lw6e3xy2ql55otonsmyke2vaj5a5d2oq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 87ed9552057ee17f8cc914ddf5dbc4ddf1a82fbd74dcd9330a26aa04f41d1e9d

(this sample)

AgentTesla

Executable exe 35905f2246cb7409a599bcee3dde1737f751e83996753f7f6cce1d3d4148df2e

  
Dropping
MD5 914511408f6020f0e40de44bc7fef0f0
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 35905f2246cb7409a599bcee3dde1737f751e83996753f7f6cce1d3d4148df2e

Comments