MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2471415124ebd360a32319ae401fcedbba1f264652085104506d95b47067cf4e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3
SHA256 hash: 2471415124ebd360a32319ae401fcedbba1f264652085104506d95b47067cf4e
SHA3-384 hash: 71245bbb9a682233e07036380fab769204fa6e1e7ba20708c347317000a1e90a9002b8f3840f64ad4e094396436fcb42
SHA1 hash: 5dfdb8df57d2db45c42ef9644856e73237e3bc7a
MD5 hash: 108d6533401b57d4d38455264e0dba89
humanhash: echo-louisiana-skylark-mike
File name: INQUIRY.lzh
Signature: AgentTesla
File size: 1'030'034 bytes
First seen: 2020-07-07 09:58:16 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:xbUGmJplP/C0XzBz5MrMaXhXG4PU7K+MsT7zorc5dBs:xbUGAph/Cm15ZaxXGivZfc5dBs
TLSH: 522533DEB0B47900D09F11BE06A79A5C67D5D970BBE1D6BB460B626BFE0B0443B8447C
Reporter: abuse_ch
Tags: AgentTesla lzh


abuse_ch
Malspam distributing AgentTesla:

HELO: atl4mhob17.registeredsite.com
Sending IP: 209.17.115.110
From: Sales Executive<moore.erice2018@yandex.com>
Subject: Fwd: RE: Re: Rep: BANK TRANSFER DETAILS
Attachment: INQUIRY.lzh (contains "INQUIRY.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Backdoor.NanoCore
Status: Malicious
First seen: 2020-07-07 10:00:07 UTC
AV detection: 13 of 29 (44.83%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam > AgentTesla > rar 2471415124ebd360a32319ae401fcedbba1f264652085104506d95b47067cf4e (this sample), dropping AgentTesla

Delivery method: Distributed via e-mail attachment

Comments