MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98776c71856a6d6e3315dbe57cf93915031270e888abae711cbb644137467d97. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 98776c71856a6d6e3315dbe57cf93915031270e888abae711cbb644137467d97
SHA3-384 hash: 7e0e50ed571380b7adaad35ea6e235eed9eac029474c734caf8ec58f402a0d496a12749f60413af74d3bc63c872ccf04
SHA1 hash: df50dc96292e15108e68a9a758a7fc7ae49e8586
MD5 hash: 206d861ca297d0b9d271b888177c3ea1
humanhash: california-pluto-lake-bluebird
File name:PACKING LIST--BD20200628 - A.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:389'844 bytes
First seen:2020-06-28 07:57:49 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:VrUnFwS370hv28Z1Y8IIxVvz1sgDjkwJSkpXxKVHa84CpIXjVv7cCDsm9EMS:ynqs74v2q1Y8IIVRDZXpBKVHaipIXhvs
TLSH FD8423E6CAF02D64681A4CE4578E1FFEAF880E9E741BB1D49C1518DDE09B29E710DED0
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mstdlrgw.mst-dealer.com
Sending IP: 203.146.21.245
From: Maria - Speciality Industries LLC <csd-b070@mst-dealer.com>
Subject: SHIPPING DOCS FOR APPROVAL--SC 12792/12807/12799/12800
Attachment: PACKING LIST--BD20200628 - A.gz (contains "PACKING LIST--BD20200628 - A.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/98776c71856a6d6e3315dbe57cf93915031270e888abae711cbb644137467d97/
Threat name:
ByteCode-MSIL.Trojan.CryptInject
Create hunting rule
Status:
Malicious
First seen:
2020-06-28 07:59:05 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tb3wy4mfnjww4myv3psxz6jzcubre4hircv244i4xnsecn2gpwlq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 98776c71856a6d6e3315dbe57cf93915031270e888abae711cbb644137467d97

(this sample)

AgentTesla

Executable exe 334cf1f9fe9ff4f20d8e64a28bc04e9afd2361e41bd4fadba306d07d0269fdbe

  
Dropping
MD5 e2ee045b676d20330281da8ecfb86b23
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 334cf1f9fe9ff4f20d8e64a28bc04e9afd2361e41bd4fadba306d07d0269fdbe

Comments