MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 caf62317559e5ba4c569a7c793bd5ab87b50b575499180637ccc680b94926d96. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: caf62317559e5ba4c569a7c793bd5ab87b50b575499180637ccc680b94926d96
SHA3-384 hash: 056d4af4dc7f55fbe56b03c374bec866eed5a065d735654dae4533421603755fbb7e594640855a1005bba293d15db9e7
SHA1 hash: 5049e1da64be4f2425b92e6708d9d030fce21091
MD5 hash: 94a91d5dfb10e03db38092586fe12e25
humanhash: eighteen-ack-spaghetti-cup
File name:Quotation-pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:449'726 bytes
First seen:2020-05-15 07:15:14 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:upUa5NvZVh08sYO4QfvsGbJeY1ZSFqadj3cMWZDA7VAsee0IvyIIIQyf6hMiySJw:cR108m4QfkUL4xX7wvZQf6mii7kqH
TLSH F7A423C3C8D80BD0217ADAE190D52C89E5AFCD8DC8DCDC55A96E2B2D45E26CD3BD130A
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.vinylbannersprinting.co.uk
Sending IP: 217.174.249.10
From: CAO DUONG CO LTD <info.caoduong@caoduong.com>
Subject: REQUEST FOR QUOTATION!!
Attachment: Quotation-pdf.gz (contains "Quotation-pdf.exe")

AgentTesla SMTP exfil server:
mail.flood-protection.org:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-15 07:36:24 UTC
File Type:
Binary (Archive)
Extracted files:
318
AV detection:
27 of 48 (56.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zl3cgf2vtzn2jrlju7dzhpk2xb5vbnlvjgiyay34zruaxfesnwla._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz caf62317559e5ba4c569a7c793bd5ab87b50b575499180637ccc680b94926d96

(this sample)

AgentTesla

Executable exe db23aa997a6d911f35d982d7f65aa388e701edda71ad1d34adcecd680e0039e2

  
Dropping
MD5 58bd1b8842feeea62cf8d6dbf2be77e5
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 db23aa997a6d911f35d982d7f65aa388e701edda71ad1d34adcecd680e0039e2

Comments