MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd7388ec13a680a21e9c724555434c85e212b7a89096782dc43b915f675d39d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dd7388ec13a680a21e9c724555434c85e212b7a89096782dc43b915f675d39d2
SHA3-384 hash: 5fa9516d21e20d35cf042018fb08b4c5af234c96fd589c077d6d938f6d9d1f14b92c45aa47bb13fdc21950fec7e22b98
SHA1 hash: f4157f1d278a2cfed597d4b67b25bb84eba32491
MD5 hash: d2dc932b737251a5242ddccceb1a3fe2
humanhash: high-jig-romeo-timing
File name:Trung Viet - new order documents_0020.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:549'649 bytes
First seen:2020-06-20 12:43:12 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:lWX2xnlRA0krirj3r/a00x9uLhfKbNxBG/MhqmxmiyWBi:oIlRAXriX3uTuMNxBkKkwI
TLSH 40C423F03761CC36F096A1C6FDEE4A99934320EAB847D25BA2C2D6095C54DBB7773290
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: petrit.best
Sending IP: 104.129.0.123
From: Daniel Tran <info@thaibev.com>
Subject: TRUNG VIET IMPORT & EXPORT - NEW ORDER
Attachment: Trung Viet - new order documents_0020.gz (contains "Trung Viet - new order documents_#0020.exe")

AgentTesla SMTP exfil server:
mail.daiphatfood.com.vn:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-20 12:45:04 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3vzyr3atu2akehu4ojcvkq2mqxrbfn5isclhqloehoiv6z25hhja._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz dd7388ec13a680a21e9c724555434c85e212b7a89096782dc43b915f675d39d2

(this sample)

AgentTesla

Executable exe cb037c1db10c1211bf9ae9b2bedffefffc20a3ba95295efd69f2f270c8afed30

  
Dropping
MD5 061f529a79ebc01dd049acbdb1bb8528
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cb037c1db10c1211bf9ae9b2bedffefffc20a3ba95295efd69f2f270c8afed30

Comments