MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb6812fc61aa1c5688a46088b6f9aa84e1fd94dc12702a3fa7486d9160ce6d28. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cb6812fc61aa1c5688a46088b6f9aa84e1fd94dc12702a3fa7486d9160ce6d28
SHA3-384 hash: f59476eadc204e3cc398d5f94f9d232042707ee34799405706628aea2c62508abc0798f7c6060a922d9e206197720f46
SHA1 hash: 9f5facc774fe6badd71aec8cb84acaac31edcb6e
MD5 hash: f366deef96875503fad2070d586a74a9
humanhash: social-orange-cat-wisconsin
File name:RFQ EDEN TOKAI LPG TERMINAL PROJECT.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:383'298 bytes
First seen:2020-06-15 05:29:04 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:gqzKA38Y0LJ07Kmjw+10jMDNWsNB2HBWHlbl7K43iPU7PiW0p3D7yC+8vE6a5p6d:g+j38YHNWG2uUmiPU7aJ/yCPc/5gmy
TLSH 57842354C57628798DF7BDB8E91608987E13EEF98912918DA96F3C32300DEDBB230715
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: kingoak.com
Sending IP: 72.4.144.87
From: Ong Kian Cheong <ongkc@peceng.com>
Reply-To: Ong Kian Cheong <geojeff1993@gmail.com>
Subject: RE: RFQ for LPG Cylinder Filling Machine Package (EDEN TOKAI LPGTERMINAL PROJECT)
Attachment: RFQ EDEN TOKAI LPG TERMINAL PROJECT.rar (contains "RFQ EDEN TOKAI LPG TERMINAL PROJECT.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 05:31:03 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=znubf7dbviofncfemceln6nkqtq73fg4cjycup5hjbwzcygonuua._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar cb6812fc61aa1c5688a46088b6f9aa84e1fd94dc12702a3fa7486d9160ce6d28

(this sample)

AgentTesla

Executable exe 7758c91a218460dfc6cc95e5c106c50431cdd6cad667b4e8c98bee960ff06b3a

  
Dropping
MD5 4915f4dc75a3d75cad242cbaec279b05
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7758c91a218460dfc6cc95e5c106c50431cdd6cad667b4e8c98bee960ff06b3a

Comments