MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aacfbdcfda9b3d29175334ff12d6779c4be66750d3d97875264306fc28a9b82a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aacfbdcfda9b3d29175334ff12d6779c4be66750d3d97875264306fc28a9b82a
SHA3-384 hash: 9592d58fabeef4b6691f5ac2c9127754da2952fbf73128db3b4b5d121920e3a41fad816c7112fa3780117a62ea2fab92
SHA1 hash: 9c137eacb4082bc5a084ccf38193c075763ec826
MD5 hash: 8c15acc56a1dd05010a2b30058b1f9a6
humanhash: fanta-nuts-nitrogen-mirror
File name:RFQ0047290113975511300.pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:353'214 bytes
First seen:2020-06-26 06:12:17 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:WaMFEscQ9YPCkYPzZxCsXozbl06HZfV6lma//Ue+UC8Dh/elyGBC1k3nmJ1FteDc:WaMiscQ2PCkeZxP4zh0DJgQ1/IyGBCCa
TLSH 8274230E5EB547BE21CA1FEDCAF337E0DC074A5B26610C8A0923F52D5C0587635A61EB
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.apartacel.com
Sending IP: 200.52.172.106
From: Carolina Barahona <cbarahona@solublesinstantaneos.com>
Reply-To: Carolina Barahona <cbarahona@solublesinstantaeos.com>
Subject: RV: Muy urgente
Attachment: RFQ0047290113975511300.pdf.gz (contains "RFQ#0047290113975511300.pdf.exe")

AgentTesla SMTP exfil server:
mail.trademaxperu.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/aacfbdcfda9b3d29175334ff12d6779c4be66750d3d97875264306fc28a9b82a/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-26 06:14:07 UTC
AV detection:
35 of 48 (72.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vlh33t62tm6ssf2tgt7rfvtxtrf6mz2q2pmxq5jgimdpykfjxava._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz aacfbdcfda9b3d29175334ff12d6779c4be66750d3d97875264306fc28a9b82a

(this sample)

AgentTesla

Executable exe 2add7ea27d82c525f1cd1fb7170aa4c94a095420189b5a8e41d6533313eba073

  
Dropping
MD5 7430093c5933e22d68b4b7e29cbadad1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2add7ea27d82c525f1cd1fb7170aa4c94a095420189b5a8e41d6533313eba073

Comments