MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94ca2f172117483a84f556d8764a25f273e6b7f05d7ffd30ad96fe85d2112710. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 94ca2f172117483a84f556d8764a25f273e6b7f05d7ffd30ad96fe85d2112710
SHA3-384 hash: ec2d869ee776ebd1215feda2ce47970724636035e71f0f7deb5741462ee39480fd48d355abe662b88ae9e3fb13f218b5
SHA1 hash: 7e7b9a2228f0ea2c4dd2df8bb9522193a79f9c1c
MD5 hash: d213036cde1a17ceccdd98a92feb025b
humanhash: carpet-berlin-eleven-purple
File name:Scan 30% swift 09876789.ARJ
Download: download sample
Signature AgentTesla
Create hunting rule
File size:392'211 bytes
First seen:2020-07-16 08:20:16 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:DoiVSTtqMo3Kj5d3lyOkt+Fg6L9CpJcG45vNLYUUfGTPkEZkbGXxLkUg/pswHS8D:pQcAr3At+Fg62oNL4fGTsESqXxLfDwyC
TLSH 4284236693FD5232496E726C6B4DFF02629BC39D4133AAF50804794835B02FED9F52CA
Reporter abuse_ch
Tags:AgentTesla arj


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.citroneleathers.partners
Sending IP: 162.241.205.83
From: Maggi Scarlette <ceo@citroneleathers.partners>
Subject: Rv: TRANSFER
Attachment: Scan 30% swift 09876789.ARJ (contains "Scan 30% swift 09876789.exe")

AgentTesla SMTP exfil server:
smtp.groupageos.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/94ca2f172117483a84f556d8764a25f273e6b7f05d7ffd30ad96fe85d2112710/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 08:22:05 UTC
AV detection:
30 of 48 (62.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=stfc6fzbc5edvbhvk3mhmsrf6jz6nn7qlv772mfns37iluqre4ia._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 94ca2f172117483a84f556d8764a25f273e6b7f05d7ffd30ad96fe85d2112710

(this sample)

AgentTesla

Executable exe 672890fe585891106f1f8b275f6084f6ac05855aae825a2c0ada8899da2be91d

  
Dropping
MD5 0b8a4d23d0efb682026c352c90f00eb1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 672890fe585891106f1f8b275f6084f6ac05855aae825a2c0ada8899da2be91d

Comments