MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe7075321bacd41b72c1dcf19d9a6f9fde14dbb18a04eb8164fb179621de12eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fe7075321bacd41b72c1dcf19d9a6f9fde14dbb18a04eb8164fb179621de12eb
SHA3-384 hash: e55270a8cf10546bab95908e6ab273f02526773e9e2654c27524b06f0bdffc3cfb6d96e3a3b2b157e25ba855c57dd092
SHA1 hash: 378c017d841f783a2ce838e3c7478b8de2141e47
MD5 hash: 19da4d00633ff33c0392ca1bf62d5642
humanhash: pluto-jersey-fillet-blue
File name:GMBH trial order RFQ_30860 and PO_466821 .zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:388'623 bytes
First seen:2020-06-15 05:30:45 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:RuWPCF5SV4FTwsa8XQD3cjJoOVSTejAryZsnp63q7dP0ak1bbWYxK8wKIK+:RhCF5S2TaB3ZOGejAryZ6lKaCWYxK81+
TLSH 6584230D728E6BBF4980F5EA478F696A2534D1C2B74304E5A9C11CDA7A97EFC8D00ED4
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: hwc-hwp-5529510
Sending IP: 23.254.230.113
From: Sigrun Weimann <sigrun.weimann@roht-industries.com>
Subject: ROTH INDUSTRIES GMBH trial order ( RFQ_30860 and PO_466821 )
Attachment: GMBH trial order RFQ_30860 and PO_466821 .zip (contains "GMBH trial order ( RFQ_30860 and PO_466821 ).exe")

AgentTesla SMTP exfil server:
mail.ab-care.eu:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.34016426.19424.29719.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 05:32:08 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7zyhkmq3vtkbw4wb3tyz3gtpt7pbjw5rricoxale7mlzmio6clvq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip fe7075321bacd41b72c1dcf19d9a6f9fde14dbb18a04eb8164fb179621de12eb

(this sample)

AgentTesla

Executable exe 433f8b24c2728c35d6f0145c333c6b5e75c68eb75f07fe76752a63c9087f2e8a

  
Dropping
MD5 a37f168285beb5ed2a08c93f4f55975c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 433f8b24c2728c35d6f0145c333c6b5e75c68eb75f07fe76752a63c9087f2e8a

Comments