MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b29716e7f2bd82d9932acd2348201cb112fdd0619b53ccfcc21a1008d17ec3e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b29716e7f2bd82d9932acd2348201cb112fdd0619b53ccfcc21a1008d17ec3e0
SHA3-384 hash: 133db84908834f512d5ac12edda1e4b2ad32589ad51d24738328b9e0409b71b2aa2c33a21f3a46917e800b76feebd778
SHA1 hash: 61214f838741d332be856a0167bb0b6d05afa6d8
MD5 hash: 86065a48151d9303b4a44d10e360f59e
humanhash: saturn-montana-oranges-four
File name:Enquiry.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'522'118 bytes
First seen:2020-05-19 06:48:00 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:amVkgWzi7PwUMMGBY4g2d/eHkQ5vmiLnrxfTw78XnrqQTX3D5z9VhWbzxGft6P7H:amVw2iwEQ5JLxw8bvzoRS6PL
TLSH 4065333CEACEAB86E95CFD3B1FB78607F82754469A0033898A5417F4D47A71F780A641
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: trentinternational.com
Sending IP: 192.3.9.189
From: Neenu | Trent <purchase1@trentinternational.com>
Reply-To: Neenu | Trent <svp.damen@gmail.com>
Subject: Enquiry: 18.05.2020
Attachment: Enquiry.zip (contains "Enquiry.exe")

AgentTesla SMTP exfil server:
mail.dormakeba.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.PWS.Stealer.19347.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 07:36:17 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wklrnz7sxwbntezkzuruqia4wejp3udbtnj4z7gcdiiarul6ypqa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip b29716e7f2bd82d9932acd2348201cb112fdd0619b53ccfcc21a1008d17ec3e0

(this sample)

AgentTesla

Executable exe ded450af998de45b6a1ac415f262e047e7bd173b152e61d2cbe26877ddafe706

  
Dropping
MD5 135d8d4f91a864a8f26105d4b760f5cf
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ded450af998de45b6a1ac415f262e047e7bd173b152e61d2cbe26877ddafe706

Comments