MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e9ad0d2fb19aa2cabca05ae38c129e9cd07c36807884fe4ff742de42860a383. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2e9ad0d2fb19aa2cabca05ae38c129e9cd07c36807884fe4ff742de42860a383
SHA3-384 hash: e35e2dc5bf48bf44fe4a5d679e73760f8b751930c1e84cd18aab5370757da8f996f88fc7d5789f87f3a9c4e9ae31cd11
SHA1 hash: abdb287e2241ceb697b0c503f587941e240b0c30
MD5 hash: 7dc50be75c21e8a8c6592f892d5c9932
humanhash: spring-whiskey-finch-colorado
File name:Quotation 84734.Scan.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:397'624 bytes
First seen:2020-06-09 06:01:43 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:r6NaxXOMuSRigy3F2yz3EkX+fq/vWjUg9tF:+NaRVuSR3yz3Eu+fKWU6tF
TLSH DD8423F5A23DAEDB282AE8576A1207710AC791C2839D1713B78FB37D99E0F0D7590E11
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: vps-cogitijaen.coitijaen.es
Sending IP: 195.248.231.195
From: RAVI GUPTA (SUN PETPACK) <ravi.gupta@sunpetpack.com>
Subject: New Inquiry from SUN PETPACK
Attachment: Quotation 84734.Scan.rar (contains "Quotation 84734.Scan.exe")

AgentTesla SMTP exfil server:
mail.brighttextiles.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 06:03:04 UTC
AV detection:
20 of 31 (64.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=f2nnbux3dgvczk6kawxdrqjj5hgqpq3ia6ee7zh7oqw6ikdauobq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 2e9ad0d2fb19aa2cabca05ae38c129e9cd07c36807884fe4ff742de42860a383

(this sample)

AgentTesla

Executable exe 5f52cedbc7bbfd17169e44dd41590390409e199863064eff80ef9965595bfb29

  
Dropping
MD5 c0b9075d671f089c94c057a4443290ae
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5f52cedbc7bbfd17169e44dd41590390409e199863064eff80ef9965595bfb29

Comments