MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 30cd30cc663616c9c6de03b7a13cecf8485301c4ad02dc7392174ce44b4f7d04. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 30cd30cc663616c9c6de03b7a13cecf8485301c4ad02dc7392174ce44b4f7d04
SHA3-384 hash: 668c556ffdfc9808bbf2d3bb57b113bc0e422faf5dfcfe37fb9b44e8e649f7f97e1e9e3a494b9df209fe4814c036dc19
SHA1 hash: 63b47adeb66f31237bab2873ba3337866ab8c53b
MD5 hash: 16effc5575597db34805496183bf6858
humanhash: missouri-charlie-thirteen-friend
File name:RFQ PDSK20204247.7Z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:476'483 bytes
First seen:2020-07-28 13:09:17 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 12288:1/n7+ug1YG4HI9hQJpXdYjFvg7P5Y2OC419s:1/nCug1uo9hSLX7RYdC41q
TLSH 8BA423B64E9C8AD2748BF13639E38922351BACCD754C9685FF25CE9C1B750111EAD20F
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

From: "Sathishkumar Rajenthiran" <sathishumar.rajennthiran@heirsco.com>
Reply-To: sathishumar.rajennthiran@heirsco.com
Subject: RFQ / PDSK/2020/4247
Attachment: RFQ PDSK20204247.7Z (contains "RFQ PDSK20204247.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/30cd30cc663616c9c6de03b7a13cecf8485301c4ad02dc7392174ce44b4f7d04/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-28 13:11:05 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gdgtbtdggylmtrw6ao32cphm7befgaoevubny44sc5gois2ppuca._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/30cd30cc663616c9c6de03b7a13cecf8485301c4ad02dc7392174ce44b4f7d04

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 30cd30cc663616c9c6de03b7a13cecf8485301c4ad02dc7392174ce44b4f7d04

(this sample)

AgentTesla

Executable exe be90335c4096906dba92f3f53fa540505ebcd8b1d08ff16ad89542cf2e170d4e

  
Dropping
MD5 6aeed3653a5f0b56b023a9ff43c2430b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 be90335c4096906dba92f3f53fa540505ebcd8b1d08ff16ad89542cf2e170d4e

Comments