MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9cf1ce12126c3441cf7c9e22951bce2955efd70904f48ff71f4e30867d6a371f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9cf1ce12126c3441cf7c9e22951bce2955efd70904f48ff71f4e30867d6a371f
SHA3-384 hash: 0002dfe81c7bd78629908d3935ba9d48ecf6e468ac4acc28aa8e4d998137670e487a4773b62b64a1a39ae729e3223812
SHA1 hash: 52bed66eede0189400f01b25813cbebc342813c2
MD5 hash: 83881e2c9e177b64610a78ef0cc7fcd7
humanhash: robert-iowa-vermont-table
File name:URGENT ORDER FROM CONTEG LTD_2020_05_27.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:492'914 bytes
First seen:2020-05-27 07:16:25 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:bVUAI6zBblfR6Ywf2VZQY2aXl/xaADX0E0FM4aK6NbdG0jYFf8Fex:xUApRlfoFf2VeY2aXlgADkRFM4avNbcZ
TLSH 16A423A2033BFE519BD657F28B68F844BCFB6231A39164E3553FC3961831A904AD146F
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: no-reverse-dns-configured.com
Sending IP: 94.102.63.75
From: SHIBIN V <conteg@conteg.com>
Reply-To: SHIBIN V <sales.maco@yandex.com>
Subject: URGENT ORDER FROM CONTEG LTD
Attachment: URGENT ORDER FROM CONTEG LTD_2020_05_27.gz (contains "gunzipped")

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Win32.Herz.B.8644.32604.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 07:36:17 UTC
File Type:
Binary (Archive)
Extracted files:
265
AV detection:
30 of 48 (62.50%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 9cf1ce12126c3441cf7c9e22951bce2955efd70904f48ff71f4e30867d6a371f

(this sample)

AgentTesla

Executable exe bab8aa286b30d5d413e87d60055b0be118695e740cafaed71754d8eb590a4776

  
Dropping
MD5 f792dcdc054960f2450e8c5be945af63
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bab8aa286b30d5d413e87d60055b0be118695e740cafaed71754d8eb590a4776

Comments