MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d4ab4633e5146174ae65cb1c14ffb8e4e2c104ef6607756366e38c29c8d344d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 2d4ab4633e5146174ae65cb1c14ffb8e4e2c104ef6607756366e38c29c8d344d
SHA3-384 hash: f707223246ab231b23a4541e40cfa7045909e3bc5a4f35d80a1834bb0aeaabf58d73fcfb00a501f909bbd8b87bbd3407
SHA1 hash: e19ca201682f9cb361ff1a55a1e0c0b699a69f69
MD5 hash: 378d68b9b53c6b58d4a2be2edf67ac0f
humanhash: missouri-robert-minnesota-skylark
File name: 2020819 MCHPLT.gz
Signature: AgentTesla
File size: 655'414 bytes
First seen: 2020-08-19 14:11:34 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:Bwt3qxI5XftE4f+66K2b5BhgB5qjx7PWWVDDEWUcxwOamaUVbX3xrfnfINQv:Bs6xCPC4f+6psDhgB5q9BV8WUcmO7XFj
TLSH: E0D42384001CF08CF63D1565FDEAE3944C29A84FB68BA8799F16541EBFCD801B65B4EE
Reporter: abuse_ch
Tags: AgentTesla gz


abuse_ch
Malspam distributing AgentTesla:

HELO: shippart.com.cn
Sending IP: 185.222.57.80
From: sinoocean <sinoocean@shippart.com.cn>
Subject: TSQ20200814QU1- 100CLT-200J
Attachment: 2020819 MCHPLT.gz (contains "2020819 MCHPLT.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Negasteal
Status: Malicious
First seen: 2020-08-19 08:58:24 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 2d4ab4633e5146174ae65cb1c14ffb8e4e2c104ef6607756366e38c29c8d344d

(this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
