MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b67fb9edd3fab9989956b43d52e827514b2f2550a436727a80e24508c6f4464d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b67fb9edd3fab9989956b43d52e827514b2f2550a436727a80e24508c6f4464d
SHA3-384 hash: b567636b6aa9bbba9fe52d4605bb0a3582c0720a5f62b52ed7c29bb668d7c36cdbb56e643dcd7075b00767724f777d67
SHA1 hash: aa49810935c913798e01c49ed6a4d4fc094fbb89
MD5 hash: 844b1b3cb5a988ee5149290bee453b03
humanhash: muppet-mike-minnesota-black
File name:Emilxa Tram SRL_PO - Q0351-W10-IE11.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:456'670 bytes
First seen:2020-06-22 13:54:04 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:z4ebAo6nonbyofpmw2qBZnKZc49cx4RmsEaFM:zH8VneF0w2wKe49u48sEa6
TLSH D9A4238DB3B7F24C042A5E82819546D1EBC6958F3936D30EAC1FE1E7760912F539BC85
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: cloud.expopk.com
Sending IP: 72.249.68.136
From: Steffen Kromer <purchase_m.maths@aol.com >
Subject: Purchase Order - (PO - #Q0351-W10-IE11)
Attachment: Emilxa Tram SRL_PO - Q0351-W10-IE11.rar (contains "Emilxa Tram SRL_(PO - #Q0351-W10-IE11.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b67fb9edd3fab9989956b43d52e827514b2f2550a436727a80e24508c6f4464d/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wz73t3ot7k4zrgkwwq6vf2bhkffs6jkquq3he6ua4jcqrrxuizgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar b67fb9edd3fab9989956b43d52e827514b2f2550a436727a80e24508c6f4464d

(this sample)

AgentTesla

Executable exe 4cd234eb292c25936d72ccd7b844bd2ab2f351de46edd2aefbccc6f68d99eb38

  
Dropping
MD5 2f27cc740e77bf9a9d51e23590fb50da
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4cd234eb292c25936d72ccd7b844bd2ab2f351de46edd2aefbccc6f68d99eb38

Comments