MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 30a87a46d22e098fe05ade8a3d0b9855c7b5f74d1249ed0486fbc3ba50af3fc7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	30a87a46d22e098fe05ade8a3d0b9855c7b5f74d1249ed0486fbc3ba50af3fc7
SHA3-384 hash:	1437061c31fdc54bd5b070007f9e03cd706d13888937ebf516b68910378be97aa03fbc7deae5e3fdfd661311246bd9c3
SHA1 hash:	6737c1c1ae89593fb068eeadedf631369f2b7642
MD5 hash:	1e00d493c3c2010f0742f14a3eafbf1a
humanhash:	thirteen-beryllium-lion-alaska
File name:	urgente RFQ 12062020.iso
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	485'376 bytes
First seen:	2020-06-12 07:00:09 UTC
Last seen:	Never
File type:	iso
MIME type:	application/x-iso9660-image
ssdeep	12288:MXdXAKL/WS0ycHfED8en/BqhJM06g/j4Gs9:MNXAKR0Den/BqhJM7g8
TLSH	FAA4E188369072EFC45BC83289651C24EA32B867572BD347B09F216D9B4E5A7CF112F2
Reporter	abuse_ch
Tags:	AgentTesla iso

abuse_ch

Malspam distributing AgentTesla:

From: JoaquinJulian <Joaquln.Julian@yfai.com>
Subject: QUOTATION REQUEST (YANFENG).
Attachment: urgente RFQ 12062020.iso (contains "ke6dZDC4A76N528.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587