MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91ce8303bb71eb0d8649498380d67690476d1fad169885a8dec3784dc892598d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 91ce8303bb71eb0d8649498380d67690476d1fad169885a8dec3784dc892598d
SHA3-384 hash: a6e118ff8d93e5ad9f6856916f41279358064037c687ea78476ab6aca93d78592ac0194d563242fb9ae602e948ddbd9d
SHA1 hash: a2073d45706747ceec7a29c898dec6b313d5e2c8
MD5 hash: 4308ec6195f0e8094d789e44c5896a39
humanhash: whiskey-quebec-eight-oranges
File name:RFQ-BPIS-001709.pdf.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:422'096 bytes
First seen:2020-05-20 14:21:22 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:/9McTaRdvVBQ74iZhAjmpH5ZZ50ozeUEMgFM:/mnvvfeXzAjeH5ZZKozAK
TLSH D5942332C3F699DF2E405BD836B3F559C156BE4088E1BEF9387689A3664DC89241331B
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: megascopekenya.com
Sending IP: 156.96.45.195
From: Export Department <Export@megascopekenya.com>
Subject: RFQ:-BPIS-001709
Attachment: RFQ-BPIS-001709.pdf.z (contains "RFQ-BPIS-001709.pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 14:35:46 UTC
File Type:
Binary (Archive)
Extracted files:
276
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=shhiga53ohvq3bsjjgbybvtwsbdw2h5nc2milkg6yn4e3seslggq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 91ce8303bb71eb0d8649498380d67690476d1fad169885a8dec3784dc892598d

(this sample)

AgentTesla

Executable exe e00520e9dbd220029d136401e441b14cc1f0b77272305a4ed045253b83c72eb4

  
Dropping
MD5 93bd162412fd0ab250d410c39e60fed7
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e00520e9dbd220029d136401e441b14cc1f0b77272305a4ed045253b83c72eb4

Comments