MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d1c3c7d83a8f1b3360f2af116b4040343d4911a424c8edadbd701f51abb92d4f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3


SHA256 hash: d1c3c7d83a8f1b3360f2af116b4040343d4911a424c8edadbd701f51abb92d4f
SHA3-384 hash: fb8898c39965de139b2c3edc79ddb08aa24e8b5bde97f74955103b93b45e9b3ec143eb54e08dbdd2e49b7fe01386f366
SHA1 hash: 3259377349b881314013ca6218b734f0696c8b80
MD5 hash: 3c047c955c85a73c92a2258b6c76a2b7
humanhash: mockingbird-kitten-july-whiskey
File name: Quotation Enquiry 872H830.zip
Signature: AgentTesla
File size: 393,523 bytes
First seen: 2020-04-29 15:51:41 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:WopDxGOr7ANqUd03AOjqa/NFPnyR0dToHKl:Z/rrcPKLvdcHKl
TLSH: 6E84235CDA131D90BDE4EF72A6D5209C72E72B633EB195197CA2CC047E04B08C869E9F
Reporter: abuse_ch
Tags: AgentTesla


abuse_ch
Malspam distributing AgentTesla:

HELO: in.integraweb.live
Sending IP: 77.242.152.48
From: Jaymon Alvarado <integraweb@gmail.com>
Reply-To: info@integraweb.live
Subject: Quotation Enquiry #872H830
Attachment: Quotation Enquiry 872H830.zip (contains "Quotation Enquiry #872H830 PDF.exe")

AgentTesla SMTP exfil server:
mail.ab-care.eu:587 (69.175.61.114)

AgentTesla SMTP exfil email address:
chris4andy@gmail.com
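
As an added triage example (not part of the MalwareBazaar page or of abuse_ch's report), the script below does the two checks an analyst wants before opening this sample: it verifies a downloaded copy against the MD5, SHA1, SHA256 and SHA3-384 digests listed on the entry, and it lists the archive's members without extracting them, flagging executables that hide behind a document-type word the way "Quotation Enquiry #872H830 PDF.exe" does. The archive it builds for demonstration is a constructed placeholder with the same member name and no malicious content; the executable-extension and decoy-word lists are the example author's assumptions, not MalwareBazaar data.

```python
import hashlib
import io
import os
import re
import zipfile

# Digests listed on this MalwareBazaar entry for the .zip attachment.
ENTRY_DIGESTS = {
    "md5": "3c047c955c85a73c92a2258b6c76a2b7",
    "sha1": "3259377349b881314013ca6218b734f0696c8b80",
    "sha256": "d1c3c7d83a8f1b3360f2af116b4040343d4911a424c8edadbd701f51abb92d4f",
    "sha3_384": "fb8898c39965de139b2c3edc79ddb08aa24e8b5bde97f74955103b93b45e9b3ec143eb54e08dbdd2e49b7fe01386f366",
}

# Assumed lists (not from the page): extensions Windows runs on double-click, and the
# document-type words malspam puts in front of them ("... PDF.exe") so the name reads like a document.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".lnk"}
DECOY_WORDS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "jpg", "jpeg", "png", "txt"}


def compute_digests(data):
    """The four cryptographic digests MalwareBazaar lists, as lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def verify_digests(data, expected):
    """Names of the digests in `expected` that do NOT match `data`; [] means every listed digest matches."""
    actual = compute_digests(data)
    return sorted(name for name, value in expected.items() if actual[name] != value.lower())


def inspect_archive(data):
    """Describe each member of a zip held in memory; nothing is extracted or written to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            stem, ext = os.path.splitext(info.filename.lower())
            words = [w for w in re.split(r"[\s._-]+", stem) if w]
            last_word = words[-1] if words else ""
            encrypted = bool(info.flag_bits & 0x1)   # password-protected member: cannot read its bytes
            magic = b""
            if not encrypted:
                with zf.open(info) as fh:
                    magic = fh.read(2)                # "MZ" marks a DOS/PE executable
            findings.append({
                "name": info.filename,
                "size": info.file_size,
                "encrypted": encrypted,
                "executable_ext": ext in EXECUTABLE_EXTS,
                "decoy_word": last_word if last_word in DECOY_WORDS else None,
                "pe_magic": magic == b"MZ",
            })
    return findings


def suspicious_members(findings):
    """Members that are executable by extension or by magic, whatever their name suggests."""
    return [f["name"] for f in findings if f["executable_ext"] or f["pe_magic"]]


def build_constructed_archive():
    """Constructed stand-in for the attachment: same member name, placeholder bytes, no malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Quotation Enquiry #872H830 PDF.exe", b"MZ" + b"\x00" * 62 + b"placeholder only")
        zf.writestr("readme.txt", b"benign text member")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_constructed_archive()   # for a real download: open(path, "rb").read()
    print("digest mismatches vs. entry:", verify_digests(sample, ENTRY_DIGESTS) or "none")
    findings = inspect_archive(sample)
    for f in findings:
        print(f)
    print("suspicious members:", suspicious_members(findings))
```

Two caveats when running this against a real download: MalwareBazaar serves samples inside a password-protected zip (password `infected`), and the digests on the entry are for the unwrapped sample, which here is itself a zip, so compute them on the inner file. The ssdeep and TLSH values on the entry are not checked above; they need third-party bindings rather than `hashlib`.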

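As an added detection example, again not from the page or from abuse_ch, the following matches a mail message and a few connection-log lines against the delivery and exfiltration indicators in the report above (HELO name, sending IP, From and Reply-To addresses, subject, attachment name, and the SMTP exfil server on port 587). The message and log lines it checks are constructed to reproduce those headers; `mx.example.test`, the 10.0.0.23 client, 203.0.113.10 and the log format are placeholders chosen for the example.

```python
import email
import email.policy
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Delivery indicators taken from the abuse_ch report on this entry.
MALSPAM_IOCS = {
    "helo": "in.integraweb.live",
    "sending_ip": "77.242.152.48",
    "from_address": "integraweb@gmail.com",
    "reply_to": "info@integraweb.live",
    "subject": "Quotation Enquiry #872H830",
    "attachment": "Quotation Enquiry 872H830.zip",
}

# AgentTesla SMTP exfiltration endpoint from the same report (mail.ab-care.eu:587).
EXFIL_IP = "69.175.61.114"
EXFIL_PORT = 587

# "from <helo> (<rdns> [<ip>])" as most MTAs write it into a Received header.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)


def match_malspam(raw_message):
    """Return the set of indicator names from the report that fire on one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=email.policy.default)
    hits = set()
    for received in msg.get_all("Received", []):
        m = RECEIVED_RE.search(str(received))
        if m is None:
            continue
        if m.group(1).lower() == MALSPAM_IOCS["helo"]:
            hits.add("helo")
        if m.group(2) == MALSPAM_IOCS["sending_ip"]:
            hits.add("sending_ip")
    if parseaddr(str(msg.get("From", "")))[1].lower() == MALSPAM_IOCS["from_address"]:
        hits.add("from_address")
    if parseaddr(str(msg.get("Reply-To", "")))[1].lower() == MALSPAM_IOCS["reply_to"]:
        hits.add("reply_to")
    if str(msg.get("Subject", "")).strip() == MALSPAM_IOCS["subject"]:
        hits.add("subject")
    for part in msg.iter_attachments():        # yields nothing for a non-multipart message
        if (part.get_filename() or "") == MALSPAM_IOCS["attachment"]:
            hits.add("attachment")
    return hits


def match_exfil(log_lines):
    """Flag key=value connection-log lines whose destination is the reported exfil server and port."""
    flagged = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        if fields.get("dst") == EXFIL_IP and fields.get("dport") == str(EXFIL_PORT):
            flagged.append(line)
    return flagged


def build_constructed_message():
    """A constructed message (not the original malspam) that reproduces the reported headers."""
    msg = EmailMessage()
    msg["Received"] = ("from in.integraweb.live (unknown [77.242.152.48]) "
                       "by mx.example.test with ESMTP id 4711; Wed, 29 Apr 2020 15:51:41 +0000")
    msg["From"] = "Jaymon Alvarado <integraweb@gmail.com>"
    msg["Reply-To"] = "info@integraweb.live"
    msg["To"] = "victim@example.test"
    msg["Subject"] = "Quotation Enquiry #872H830"
    msg.set_content("Please find attached our enquiry.")
    # Placeholder bytes only; the real attachment is the sample described on this page.
    msg.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                       subtype="zip", filename="Quotation Enquiry 872H830.zip")
    return msg.as_string()


# Constructed connection-log lines; only the second one is the reported exfil endpoint.
CONSTRUCTED_FLOW_LOG = [
    "2020-04-29T16:01:07Z src=10.0.0.23 dst=203.0.113.10 dport=443 proto=tcp",
    "2020-04-29T16:02:11Z src=10.0.0.23 dst=69.175.61.114 dport=587 proto=tcp",
    "2020-04-29T16:02:40Z src=10.0.0.23 dst=69.175.61.114 dport=80 proto=tcp",
]


if __name__ == "__main__":
    print("mail indicators hit:", sorted(match_malspam(build_constructed_message())))
    print("exfil connections:", match_exfil(CONSTRUCTED_FLOW_LOG))
```

The Received-header match is deliberately keyed on the HELO name and the bracketed IP that the receiving MTA recorded, not on the From header, since the From address is attacker-controlled text; the exfil check matches on the IP rather than the hostname because the bot connects to mail.ab-care.eu over plain TCP port 587 and a flow log will only show the address.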
Intelligence


File Origin
Number of uploads: 1
Number of downloads: 88
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-04-29 16:35:27 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 25 of 48 (52.08%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam (AgentTesla)
  zip d1c3c7d83a8f1b3360f2af116b4040343d4911a424c8edadbd701f51abb92d4f (this sample)
    Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments