MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e86a9eb3b2eb428136d3d1dfaeb9395c52dca72d7a4cc01027cfac0862536fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1e86a9eb3b2eb428136d3d1dfaeb9395c52dca72d7a4cc01027cfac0862536fa
SHA3-384 hash: 67be0f9f486894b171bb7634211c424cce06c7252c18c0cb735ddd232cc24cc1f87144cbb632c205e6b611e1e35e1118
SHA1 hash: bd7b6b3ba9c3d85c8b918ff07c7653a0e149be03
MD5 hash: 6c8709c484fcb9a03b62a60aa62bb9e6
humanhash: georgia-floor-video-comet
File name:QUOTELIST.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'064'058 bytes
First seen:2020-05-10 07:41:50 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:+lP2h8VOHm1lZxq+P4r+u1tTOOWTr+5xbXaWmhg:GerH8x9Kxukdqzhg
TLSH E835332572252FBF3F30038C997ED0AB433584C991EE7A72845E6FA4F18CB99B515878
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.impiana.com
Sending IP: 113.23.215.17
From: Reservation <rsvn2.iklcc@impiana.com>
Subject: Urgent September Quote
Attachment: QUOTELIST.rar (contains "QUOTELIST.exe")

AgentTesla SMTP exfil server:
mail.dubaisafariplus.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Agenttesla
Create hunting rule
Status:
Malicious
First seen:
2020-05-10 08:35:45 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
15 of 47 (31.91%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=d2dkt2z3f22cqe3nhuo7v24tsxcs3sts26smyaicpt5mbbrfg35a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 1e86a9eb3b2eb428136d3d1dfaeb9395c52dca72d7a4cc01027cfac0862536fa

(this sample)

AgentTesla

Executable exe 274a938149abafb57b99766697bb8224a2da89b238bd4b33d40c414a2186c0ac

  
Dropping
MD5 58927010291eb5fc19a97b8339edd755
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 274a938149abafb57b99766697bb8224a2da89b238bd4b33d40c414a2186c0ac

Comments