MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bccdd7c2643a2e6c47bb6ec5ecd59220cee67ea3e2fbaea8a15395feb0ae8926. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bccdd7c2643a2e6c47bb6ec5ecd59220cee67ea3e2fbaea8a15395feb0ae8926
SHA3-384 hash: cf43f8b6a8ebea697cd7935ea7684472e2ced41770c6c1a08d13ac29b2dd127b5d0910c70b1c4446c8aa097102a466a2
SHA1 hash: 44faa88e532ab802dcad0463e2c6773f93aed1d5
MD5 hash: ff10efdd2a2cca14336b332d8ab52c40
humanhash: leopard-tennis-vegan-cola
File name:I-Group.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:220'765 bytes
First seen:2020-06-29 11:54:30 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:wMuoct6e//Q0pu6xNwSi2/hAYBTHhF5uhteze9lQVa:wvnwUG6xNwUAYhHA99l
TLSH B62412B165E93FB56AA4A0BD4EBA66349CA09C2430CC045FF1E45F198CFF7A68836513
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.sgbcg.com
Sending IP: 113.11.251.241
From: Matthijs van der Weg <materials@amoceg.com>
Reply-To: Matthijs van der Weg <fewadkhan56@gmail.com>
Subject: New partnership
Attachment: I-Group.rar (contains "I-Group.exe")

AgentTesla SMTP exfil server:
mail.tandempakistan.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bccdd7c2643a2e6c47bb6ec5ecd59220cee67ea3e2fbaea8a15395feb0ae8926/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 11:56:03 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xtg5pqtehixgyr53n3c6zvmsedhom7vd4l525kfbkok75mforeta._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar bccdd7c2643a2e6c47bb6ec5ecd59220cee67ea3e2fbaea8a15395feb0ae8926

(this sample)

AgentTesla

Executable exe a3fb6b53e77c6da05538f2ebe2dec18a8f04549b579057814b3d6abdd159dc5c

  
Dropping
MD5 b974854147494cd109a6e13cbb484967
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a3fb6b53e77c6da05538f2ebe2dec18a8f04549b579057814b3d6abdd159dc5c

Comments