MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2684031accd6c43abe67d62f1901374970f18999c51c7fd19d0d047ea7232fb8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 2684031accd6c43abe67d62f1901374970f18999c51c7fd19d0d047ea7232fb8
SHA3-384 hash: dd6d9847866cf5dc9111a79b8528277219b3d34ff894add4a92166df2e8553a8dbc6b3e123fda72cac63b8f6960a7e37
SHA1 hash: 526bfef123357bba6ba8b347bf7f82ce294954e4
MD5 hash: 43ac4837ede606f770bdc08667d5ed13
humanhash: hotel-fish-undress-wolfram
File name: RFQ140820.zip
Signature: AgentTesla
File size: 375'197 bytes
First seen: 2020-08-14 15:35:52 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:gbTAr9na89yIkpCiBlCZ9Y9cvpACGVIUQ1PB+xtQgbNHWK/EgQxrub7mHDUqqT8J:/9a74Z9YaLGV3QSf5/c8WHAnwgJ0iy
TLSH: 6284238054477FFA8E826B70BC4F4D16F108E39924B18893696626DF89C74A73B94E9C
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: server.spacevalue.com
Sending IP: 216.194.164.187
From: charles@ultranettechnologies.com
Subject: RE: RFQ140820
Attachment: RFQ140820.zip (contains "RFQ140820.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 2684031accd6c43abe67d62f1901374970f18999c51c7fd19d0d047ea7232fb8 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
