MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe17294f9ca6455ce707122562e68d2c488ab1c785b1d7c02d0a5b2dc53ed1f1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fe17294f9ca6455ce707122562e68d2c488ab1c785b1d7c02d0a5b2dc53ed1f1
SHA3-384 hash: 1df1e1fa7486f5dfa42b85bbebf7ef4c3ce9daa916fbf9d4bad7e45e616e9c493dd866bd86fff34613dc57a774c1945b
SHA1 hash: 94a488d8e7d569cb3b803093f073da7b1ea5af55
MD5 hash: 0d8000f6a3b7a95bc40266fc37a6aa4b
humanhash: paris-west-nebraska-mike
File name:Advice RefGLV721032478.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:381'627 bytes
First seen:2020-07-22 08:12:11 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:AbbL884BNz4Y44qyHOScxDsIFh8jjnEELPscyujV3bhYg4CiKdBcU4M:AD8ZHzA4q4WAqh4TEuXLZLhYkiqBcZM
TLSH 5F84231C37F2D057A5230F39CF6458549BA1B026AAAA3DF536780E77A10539EDFB280D
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.magellan-solutions.com
Sending IP: 23.235.220.99
From: Natallia Morujo <administracion@grupointerob.com>
Subject: Quotation #: OQT/167985 DT.22/07/2020
Attachment: Advice RefGLV721032478.rar (contains "Advice Ref[GLV721032478].exe")

AgentTesla SMTP exfil server:
smtp.ibtbrussel.eu:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fe17294f9ca6455ce707122562e68d2c488ab1c785b1d7c02d0a5b2dc53ed1f1/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-22 08:14:06 UTC
AV detection:
16 of 28 (57.14%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7ylsst44uzcvzzyhciswfzunfreivmohqwy5pqbnbjns3rj62hyq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fe17294f9ca6455ce707122562e68d2c488ab1c785b1d7c02d0a5b2dc53ed1f1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar fe17294f9ca6455ce707122562e68d2c488ab1c785b1d7c02d0a5b2dc53ed1f1

(this sample)

AgentTesla

Executable exe e6d40bc9c9949443b4c9a2dfa60ce4884f7552489ca64694681b28cd3bf609a5

  
Dropping
MD5 d4aae896bbbc73808b1ecc6bf3cbfc66
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e6d40bc9c9949443b4c9a2dfa60ce4884f7552489ca64694681b28cd3bf609a5

Comments