MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cde0373f8d9b15c0aec6050b8dd98e55879af5e50d0d174f65a114be65a0a6be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cde0373f8d9b15c0aec6050b8dd98e55879af5e50d0d174f65a114be65a0a6be
SHA3-384 hash: 80f544c9f98a79173ac2fd74b03b48d1c0f25aaace28e527631ed3c8a8984ffc13707c833c3562bb27798d66e62c09e7
SHA1 hash: ab41c55cd5a87418cbabd57d34e6423534fab1f5
MD5 hash: 19841644ce28b2a61b46ef5f5cb4bee6
humanhash: undress-utah-golf-princess
File name:Ref INQ17101.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:424'511 bytes
First seen:2020-06-25 05:48:19 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:+e8/m2IsCVv4kGeJA0LH8SFJm4Ict9enyKP:+e8e2y4kGY1LH8Sbm4ztYnLP
TLSH 809423F4AE0A97568E48298FCDCF3937B6B170A4691A47AE137475FCC4A618336480DF
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gmail.com
Sending IP: 156.96.62.70
From: "yongzhi chui" <yongzhi.chui@gmail.com>
Reply-To: saipul.seltechutamaa@gmail.com
Subject: Ref :: INQ17101
Attachment: Ref INQ17101.zip (contains "Ref INQ17101.exe")

AgentTesla C2:
http://farda-oil.ir/wp-includes/Text/lki/ori/inc/1f68ac5278bd3f.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BackDoor.SpyBotNET.17.9523.29082.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cde0373f8d9b15c0aec6050b8dd98e55879af5e50d0d174f65a114be65a0a6be/
Gathering data
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zxqdop4ntmk4blwgaufy3wmokwdzv5pfbugrot3fuekl4znau27a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip cde0373f8d9b15c0aec6050b8dd98e55879af5e50d0d174f65a114be65a0a6be

(this sample)

AgentTesla

Executable exe be39cd2009d58faaf2e47de4717b5a4d59df17cc1f0850f299c8388ab3d3bb42

  
Dropping
MD5 59201c5ca9b8895c90a40db6e8c15270
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 be39cd2009d58faaf2e47de4717b5a4d59df17cc1f0850f299c8388ab3d3bb42

Comments