MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a641d1743442e2e8b8db729eb53a93b61b438ae4194ea08a856b589a4d502c22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a641d1743442e2e8b8db729eb53a93b61b438ae4194ea08a856b589a4d502c22
SHA3-384 hash: 0b011900d4701ff842b7ebb63c63c80044b06dc088862ba34de013f513f03711d2aad21a3b0e015cec6fa6e6244dc215
SHA1 hash: 7277ac61ad70d66acd5e68ba7b6a6de63865ccff
MD5 hash: 7731f7cf7c9dbef5f9b86cadbf866dc1
humanhash: emma-charlie-football-enemy
File name:Quote Request.Gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:780'968 bytes
First seen:2020-08-05 07:56:52 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:aW/MDHMkA6tGWCrVfgzIGL2hQM4VB/fmK1v9P7LdDBFVuVJAtNX7VI97:aW/MJAzBYzLnl//B1P7LdNFM+NLGx
TLSH 07F433A637A945150EE3862364A5B050F1DCDFEFBB8A903F47E8A2297D37B5E1384074
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

From: Gary Simona <manoj@msvfabrics.in>
Subject: Request for urgent quotation for insignia project
Attachment: Quote Request.Gz (contains "8OC4jEIeyPSSSso.exe")

AgentTesla SMTP exfil server:
smtp.lettu.us:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
55
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.XCRtr.22972.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a641d1743442e2e8b8db729eb53a93b61b438ae4194ea08a856b589a4d502c22/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-05 07:58:07 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=uza5c5builrorog3okplkoutwynuhcxedfhkbcufnnmjutkqfqra._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a641d1743442e2e8b8db729eb53a93b61b438ae4194ea08a856b589a4d502c22

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz a641d1743442e2e8b8db729eb53a93b61b438ae4194ea08a856b589a4d502c22

(this sample)

AgentTesla

Executable exe 5568021e42a81a2755fd6d968efa50b13f99a9997d8973097231079de84832ad

  
Dropping
MD5 5d75a6cdfafb2e3f2687e541d9fb8d45
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5568021e42a81a2755fd6d968efa50b13f99a9997d8973097231079de84832ad

Comments