MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 334d2c5d3906c5204ec772a1bcfc1a2a0bf24ebfcef585fd3c2d4dc63373a1ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 334d2c5d3906c5204ec772a1bcfc1a2a0bf24ebfcef585fd3c2d4dc63373a1ba
SHA3-384 hash: f4ddb3ce966e69138a5f009d3ef1d25d14724ab1deb8ada427998303c30136fba31a3c8b93f01f218749cb40f179b1b7
SHA1 hash: 8dd0bc580d6080239b8ab2a4caff7156259a20b5
MD5 hash: 28b4236bf45141429c7194f58d4b0c49
humanhash: stream-colorado-football-september
File name:Proforma Invoice.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:322'406 bytes
First seen:2020-06-19 06:03:07 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:emL96pV5dmymKLhJmSpcD0FLCiQpYe8rwnCYWgXLtUCT+aImchMP:F9uV5d4MCsL4Ye8LgXLppZXP
TLSH B364237C8BEC3E5EB089113926323DA137233B517524BA1D9206E9B5AC35CFB906FD64
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: qq.com
Sending IP: 183.3.226.209
From: sales@heroim.com <sales@heroim.com>
Subject: Proforma Invoice
Attachment: Proforma Invoice.rar (contains "Proforma Invoice 20200619.exe")

AgentTesla SMTP exfil server:
samiprinting.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-19 06:05:05 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gngsyxjza3csatwhokq3z7a2fif7etv7z32yl7j4fvg4mm3tug5a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 334d2c5d3906c5204ec772a1bcfc1a2a0bf24ebfcef585fd3c2d4dc63373a1ba

(this sample)

AgentTesla

Executable exe d22cd7fc720b7fc65ab0ec5a50e8dbde8c58c499ec5c289c0e1614f24d6255f8

  
Dropping
MD5 0c55c4e607abb7f6c593d6d8dc140a0a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d22cd7fc720b7fc65ab0ec5a50e8dbde8c58c499ec5c289c0e1614f24d6255f8

Comments