MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 30b66ab63a95b290e308d8866110969b93d4b357556d0ce2bc6e767a3186c587. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 30b66ab63a95b290e308d8866110969b93d4b357556d0ce2bc6e767a3186c587
SHA3-384 hash: e4e3596a9d8f88b582d4bd2e7cf36390ca1e0d933b5983c0a241e796abb9d37bf10ddb41db6a9e154c2641ee4adad7a3
SHA1 hash: 92731d410baf98c6bd3b44c1ec65bd5cb48bcb1e
MD5 hash: b62f4cdfb6f6adc687ae21276e5a57ae
humanhash: sweet-sixteen-lake-comet
File name:Scan docs.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:427'612 bytes
First seen:2020-06-11 05:35:44 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:W/TUk0KJ/Kiqd4v42APuY94TyIs5saG8oGpq:WAk0Mk2Ax94T/s5zG8jpq
TLSH 549423AD3C09F00BF89B66EE23B7DDE9E4018E2527656C635F1717512AC9A0A3D93068
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: digamma.host-in-europe.com
Sending IP: 62.75.189.83
From: info@triontech.com
Subject: Re: Bank Account Confirmation
Attachment: Scan docs.rar (contains "Scan docs.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-06-11 05:37:06 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  1/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gc3gvnr2swzjbyyi3cdgceewtoj5jm2xkvwqzyv4nz3hummgywdq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 30b66ab63a95b290e308d8866110969b93d4b357556d0ce2bc6e767a3186c587

(this sample)

AgentTesla

Executable exe e8435237623f073caefc83ba357864fa6ed91d7d0fee7b67db8620e3a793f47e

  
Dropping
MD5 81166c7ea07f401a586c7f4bd459050d
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e8435237623f073caefc83ba357864fa6ed91d7d0fee7b67db8620e3a793f47e

Comments