MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f3a9d9a34912498103a090b437b8199d5a7f10abcf4e9e825e72c1d218adae51. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f3a9d9a34912498103a090b437b8199d5a7f10abcf4e9e825e72c1d218adae51
SHA3-384 hash: 7872488689b1f2177205ee53997dc5ab49d72160eaf5497d70989cfd9d2b05d762734fd345c361d163a817a559937aed
SHA1 hash: adff339e1351b71e0936edc3993f8dee1bd9731f
MD5 hash: 0bc53c467218d57ff85daef62443d20f
humanhash: princess-mirror-alaska-lake
File name:Aviso de pago.uue
Download: download sample
Signature AgentTesla
Create hunting rule
File size:421'467 bytes
First seen:2020-06-10 07:16:43 UTC
Last seen:Never
File type: uue
MIME type:application/x-rar
ssdeep 12288:LwqOsupOamNGRoaMtpV5WF1pGFNotGPIuo:LTOs9nNGRoa1JeN2GAL
TLSH A894238D833F4D33944262B7C0ED788F68A53CC9A4F548F4F969A0ED8919951BAB7D08
Reporter abuse_ch
Tags:AgentTesla uue


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: outmx-267.london.gridhost.co.uk
Sending IP: 31.170.120.152
From: Med Adel B <mabend@calconut.es>
Reply-To: Med Adel B <suan@imagencolor.cl>
Subject: Re: Aviso de pago
Attachment: Aviso de pago.uue (contains "Aviso de pago.exe")

AgentTesla SMTP exfil server:
mail.collectionindiaexports.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 07:18:07 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6ou5ti2jcjeyca5asc2dpoaztvnh6eflz5hj5as6ola5egfnvziq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

uue f3a9d9a34912498103a090b437b8199d5a7f10abcf4e9e825e72c1d218adae51

(this sample)

AgentTesla

Executable exe eefe46b37147e097eb7e6b24133ad5195bad1e7064384a2da08fdca1f6a04d34

  
Dropping
MD5 d3cebb317265fbdeb89b8b8fc1108654
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 eefe46b37147e097eb7e6b24133ad5195bad1e7064384a2da08fdca1f6a04d34

Comments