MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dcd01828e8e3496dfbbd1c9c1a2715f0cbbf3149eb4a5e8601fa8f199b3f953f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dcd01828e8e3496dfbbd1c9c1a2715f0cbbf3149eb4a5e8601fa8f199b3f953f
SHA3-384 hash: e226ad4567abc3e8ed019248d69464d6d062811faed1a618c4bd97fba8285cdc6f341dffe6d211b254797627b41046f9
SHA1 hash: 8d40eafe3334b0d2be6a5d6de8f625f9ab6bd36b
MD5 hash: d44d608b8daa79716f90ceb564394d5d
humanhash: beer-california-lake-india
File name:GENIC MARKETING PVT. LTD - RFQ LIST.Z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:577'794 bytes
First seen:2020-06-19 06:00:57 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:F4LZWYoGfSg9Gp5b+W2xqcb6N6DnTzDvi2c:IiI45b+Wsqcb6N6vri2c
TLSH 6CC4231AE1BF82B4B84E6FA229C4CA53CDC7B845DFD32E70923CD1E68B550187C59C86
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: [185.234.219.109]
Sending IP: 185.234.219.109
From: Mrs. Leo <sales@genic.com.mv>
Subject: PURCHASE ORDER INQUIRY
Attachment: GENIC MARKETING PVT. LTD - RFQ LIST.Z (contains "GENIC MARKETING PVT. LTD - RFQ LIST.exe")

AgentTesla SMTP exfil server:
mail.starkdxb.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Backdoor.Androm
Create hunting rule
Status:
Suspicious
First seen:
2020-06-19 06:02:07 UTC
AV detection:
14 of 48 (29.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3tibqkhi4new3655dsobujyv6df36mkj5nff5bqb7khrtgz7su7q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z dcd01828e8e3496dfbbd1c9c1a2715f0cbbf3149eb4a5e8601fa8f199b3f953f

(this sample)

AgentTesla

Executable exe 74ab856c2d5235f78fa546a5086abab294bebfa2ae9550345e272f6a645f6d80

  
Dropping
MD5 daeb1336cd30df8a47a651decc6a1c87
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 74ab856c2d5235f78fa546a5086abab294bebfa2ae9550345e272f6a645f6d80

Comments