MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da0cfbc23a71172083e7a03fecbd627b169d0851f96044fd8bd0de3e742c11fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: da0cfbc23a71172083e7a03fecbd627b169d0851f96044fd8bd0de3e742c11fc
SHA3-384 hash: 71387b854bcc6a0f3de1fcce1673e142f0d6e0dc216a26c614a33ae8bcd21553ef62b58678dbaf29bfa43165687c3410
SHA1 hash: 0485f79e41733eb666b83712c223072ef2bcb415
MD5 hash: acf576b58cefacda0413eb4d1f6f10fd
humanhash: moon-princess-west-autumn
File name:Quotation.arj
Download: download sample
Signature AgentTesla
Create hunting rule
File size:274'856 bytes
First seen:2020-06-03 09:03:17 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 6144:Rv7aKFZAIeHNJJUT5NlvYFPS1yXqzfiF+p6Kh:Rv7tZ9eHNJ69Pv1iqfLp5h
TLSH 1C44233AAD963778111FF65F0140DE0BCE6CAE539069BE9A3025CE268CF9D7C506C663
Reporter abuse_ch
Tags:AgentTesla arj


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.almanar-group.com
Sending IP: 85.187.140.185
From: Hangzhou Chinastars Reflective Material Co.Ltd <Yuan@akadiamondtools.com>
Reply-To: kate.wang@aus-home.com
Subject: CONFIRM PAYMENT AND QUOTATION
Attachment: Quotation.arj (contains "Quotation.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
51
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 07:30:07 UTC
AV detection:
13 of 31 (41.94%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3igpxqr2oelsba7hua76zplcpmlj2ccr7fqej7ml2dpd45bmch6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

arj da0cfbc23a71172083e7a03fecbd627b169d0851f96044fd8bd0de3e742c11fc

(this sample)

AgentTesla

Executable exe b1c09c15d613331cc3a2ced58766909b1b3ccfbf7b6d352f3212a44b84226634

  
Dropping
MD5 0226f18d8b7634a66923bb986ba75aea
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b1c09c15d613331cc3a2ced58766909b1b3ccfbf7b6d352f3212a44b84226634

Comments