MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 32ce30b24b4edaca7edd13457bf53d9e01bbf95b259f1d4749824ed875d43ead. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 32ce30b24b4edaca7edd13457bf53d9e01bbf95b259f1d4749824ed875d43ead
SHA3-384 hash: c7087c397e63ec971a359d11a316767b3d70894cc68290fd988ff89a24e6996ee558734ee436698cedb35609d1de3041
SHA1 hash: 2cbcd61ad692acb4f847bb1d127bb7366cf5d3a3
MD5 hash: f800807a741c8977d8c973a7575b8927
humanhash: johnny-table-wisconsin-kansas
File name:Tekrarlanan Siparis.pdf.uue
Download: download sample
Signature AgentTesla
Create hunting rule
File size:271'537 bytes
First seen:2020-06-15 12:29:22 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:/Wb0ZcnrGLGB9Pzz377t7V4QpMfemC+qXzopWgCB3ir:+b+cnrmctL7lV4QpM2pDi4BSr
TLSH 3144138AF46DD7580C046D107865CCFC66E07AD1C246E6DAEF139B13A21E6BEB3B5502
Reporter abuse_ch
Tags:AgentTesla geo TUR uue


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sivatek.com.tr
Sending IP: 156.96.62.208
From: Selcuk Bostanci <info@sivatek.com.tr>
Subject: Tekrarlanan Siparis 28102019
Attachment: Tekrarlanan Siparis.pdf.uue (contains "Tekrarlanan Siparis.pdf.exe")

AgentTesla SMTP exfil server:
mail.bestinjectionmachines.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25518.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 12:31:04 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=glhdbmslj3nmu7w5cncxx5j5tya3x6k3ewpr2r2jqjhnq5ouh2wq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 32ce30b24b4edaca7edd13457bf53d9e01bbf95b259f1d4749824ed875d43ead

(this sample)

AgentTesla

Executable exe c8a3fed3476b3f28b4d158607b92c132d395a86ca2375a64b9d3f0b617bdff7d

  
Dropping
MD5 059b5d11a3a5331bd00783c6a24c13d9
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c8a3fed3476b3f28b4d158607b92c132d395a86ca2375a64b9d3f0b617bdff7d

Comments