MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e75b89cadfab012ff958c6abaaebfb6bb336d74f87a2fd324567dd9d18478cdf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e75b89cadfab012ff958c6abaaebfb6bb336d74f87a2fd324567dd9d18478cdf
SHA3-384 hash: 9229db0488cafc31c92b839c6fb802798be9710a6fa5ac092f807575ee83f9a490613685e1f8a9e0756552311eac1b6e
SHA1 hash: d024456311d84941d5a2f0f03b33b99cee513a44
MD5 hash: 1bc816ad5272e1c9c8b614b5cead4cbd
humanhash: orange-butter-winter-jupiter
File name:Quotation 061620-XM.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:368'772 bytes
First seen:2020-06-16 12:47:38 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:WXIYCW1jtmOeXIW3YhGdlmJj5iw3iovUB6ShbW6o+i3Qx4yuXnepbXpSq+oMRE:qC8S33GGdla4QmQSxea57
TLSH 207423E5867A0AD356CFAA05D7B60D81ED3D43E85D8ABFBFB1B86015101C2D8254CACF
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: harveygulfy.pw
Sending IP: 142.11.212.2
From: UNITED TRADING CO.LLC <hr@harveygulfy.pw>
Reply-To: christine@xmh.com.sg
Subject: Urgent RFQ: 1620
Attachment: Quotation 061620-XM.gz (contains "Quotation 061620-XM.exe")

AgentTesla SMTP exfil server:
smtp.danapis.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Infostealer.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 12:49:05 UTC
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=45nytsw7vmas76kyy2v2v273noztnv2pq6rp2msfm7oz2gchrtpq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz e75b89cadfab012ff958c6abaaebfb6bb336d74f87a2fd324567dd9d18478cdf

(this sample)

AgentTesla

Executable exe 004b0801cc586f6d665deac28c87c85e4f352fdd9fa2434f9e9dfc10919f1332

  
Dropping
MD5 fc36abf11620e6eaafb4ced06f11a9b6
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 004b0801cc586f6d665deac28c87c85e4f352fdd9fa2434f9e9dfc10919f1332

Comments