MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c76af7a65415bbed3f32a6a39d14e95eed5a9f706a913201b853daba0a77135. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3



SHA256 hash: 0c76af7a65415bbed3f32a6a39d14e95eed5a9f706a913201b853daba0a77135
SHA3-384 hash: 9356d93b5778adf47b63859c2f41d827a348d731b689822ddfd15549c43fdd6d4fe24a15c388e2e5f4276f4a5c112a24
SHA1 hash: 62dfdcc16811fc9f550c8a7ff633034e2c2ce1bb
MD5 hash: 1acb81660081ebfef5dce07e5be44e97
humanhash: jupiter-georgia-wolfram-football
File name: ETA_Bill of lading.gz
Signature: AgentTesla
File size: 528'074 bytes
First seen: 2020-05-05 12:55:53 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:BY+kBFL3hYhc7iGfzeUJ3Qg0gIQX42GDF0Q0/PpX1EKA7Jc:qBNWu7Vfz3L0gKvDF0VHp6rJc
TLSH: 99B4235F15970E44D0CFEEF762BE294BE7806D60A429D422C982E991FE6220F40FD5F9
Reporter: abuse_ch
Tags: AgentTesla gz


abuse_ch
Malspam distributing AgentTesla:

HELO: sg2plwbeout19-2.prod.sin2.secureserver.net
Sending IP: 182.50.144.36
From: <info@cube-me.com>
Subject: // SHIPMENT ADVISE // SEA SHIPMENT/28CTNS HB/L # DAC0024943 COB:\x0a 30-APR-2020]
Attachment: ETA_Bill of lading.gz (contains "ETA_Bill of lading.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 90
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Frs
Status: Malicious
First seen: 2020-05-05 13:35:38 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 11 of 31 (35.48%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    gz 0c76af7a65415bbed3f32a6a39d14e95eed5a9f706a913201b853daba0a77135 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments