MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9e45a9f19f596df90b34a05de20b64465a6a68b775969b4b1b0a2bd624588493. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 9e45a9f19f596df90b34a05de20b64465a6a68b775969b4b1b0a2bd624588493
SHA3-384 hash: 4e60ecd87d685955ebbfd4a7e1e22bf83f4eb56f6e3ef3f81b0290455c8b82d19490de8b0039dbad24ee184f4746c8fa
SHA1 hash: 8732ade6a925260e339e6dc3583d1afe5de7abcf
MD5 hash: d1e4a078b625bdc86ba4c607c5ffe04d
humanhash: speaker-arkansas-tennis-may
File name: Quote.zip
Signature: AgentTesla
File size: 397'260 bytes
First seen: 2020-07-16 07:57:36 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:XkNkBNV1yuic6LffnrUfnPS2fL0c3MtBp:Kk3VIuicmfDUfnhT0cctT
TLSH: 2A8423F195D10B1ECC4768B89751F4858CAA28FBDE5C6419F42DF688378F86F2D09A2C
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: hosting1.beeline.am
Sending IP: 212.73.86.34
From: Andrea Kohl <andrea@richard-wolf.com>
Subject: Urgent Request For Quotation
Attachment: Quote.zip (contains "Quote.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-16 07:59:06 UTC
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 9e45a9f19f596df90b34a05de20b64465a6a68b775969b4b1b0a2bd624588493 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
