MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96e2a4bb66b02d35e3bfdce77822a12e0800c69f483befe45b2df19324af1c91. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 96e2a4bb66b02d35e3bfdce77822a12e0800c69f483befe45b2df19324af1c91
SHA3-384 hash: 193116519cd55e6e265a5c6987d15b31a90f3d8c1888b993b9f704d4008d8f2e935fb81250e12ec549f6a3476d5b6f4a
SHA1 hash: 3fb0c598c0e901b474ca352620c47b3b19458152
MD5 hash: 7a69151ddc9a88c82405dc5e5c7553c6
humanhash: orange-potato-cold-batman
File name:RFQ PO20200616 MARINE . XLS.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:398'556 bytes
First seen:2020-06-16 05:43:49 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:2sB6xb5XbKF/t/p+vbKKEkhbzCamshlhR2cgkQkj:fQXbK5mPhUsHhR2hkjj
TLSH D1842347295A039AE269FD1F6C2B3BEC27B3634B0E8CCCF21F1152F9D27E9649459508
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: melter.com.mx
Sending IP: 139.99.90.156
From: PT Bosung Indonesia <sales@melter.com.mx>
Subject: RE: RFQ PO20200616 MARINE
Attachment: RFQ PO20200616 MARINE . XLS.zip (contains "RFQ PO20200616 MARINE . XLS.exe")

AgentTesla SMTP exfil server:
mail.kbbsthai.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.5de8c07856656bd5.21541.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-06-16 05:45:07 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=s3rkjo3gwawtly573ttxqivbfyeabru7ja567zc3fxyzgjfpdsiq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 96e2a4bb66b02d35e3bfdce77822a12e0800c69f483befe45b2df19324af1c91

(this sample)

AgentTesla

Executable exe e690e6380d38ece641b3c8a7a09672475ead068afbe9fa764b10bf5827457c37

  
Dropping
MD5 5de8c07856656bd5e4de95705c512ff6
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e690e6380d38ece641b3c8a7a09672475ead068afbe9fa764b10bf5827457c37

Comments