MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3663b7c6160feb525af33dce1e971a2b0ca10aab592c59a499366f785c46c5ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3663b7c6160feb525af33dce1e971a2b0ca10aab592c59a499366f785c46c5ff
SHA3-384 hash: 5511d79275560dd806523880f57eb953a9d45e854eb4cef495b80db31b4d6bd4b8cf35bed37e0715db0dfe899eab8365
SHA1 hash: 7f3e0a6d440522e00809036bd1dd12544db20c3f
MD5 hash: 4249d38a1c0f7e2fb3aafd7c48f633fe
humanhash: mars-twelve-mars-neptune
File name:Scan_0000395182746.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:462'921 bytes
First seen:2020-08-11 12:26:37 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:2IrBIxFAd3c5TTiAW4r6qYPalVgBpJlMZ6RtL/qFvblODRr2hi:2Iixk3cdpn2RPGqd86RtL/qFvbIFai
TLSH F2A423767049259E0B6B59913CAB57CB30165938AF271D02D66FAB25703C3E3CACB3E1
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

From: Gabriela Matos <info@carmelalves.pw>
Subject: Solicitud de CotizaciĆ³n
Attachment: Scan_0000395182746.rar (contains "Scan_0000395182746.exe")

AgentTesla SMTP exfil server:
web2.changeip.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3663b7c6160feb525af33dce1e971a2b0ca10aab592c59a499366f785c46c5ff/
Threat name:
ByteCode-MSIL.Trojan.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2020-08-11 12:28:09 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gzr3prqwb7vvewxthxhb5fy2fmgkccvllewftjezgzxxqxcgyx7q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/3663b7c6160feb525af33dce1e971a2b0ca10aab592c59a499366f785c46c5ff

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 3663b7c6160feb525af33dce1e971a2b0ca10aab592c59a499366f785c46c5ff

(this sample)

AgentTesla

Executable exe 4756d7695557a0c18e9f662cb1b17639cacf4dbc017ee733a62f1b9d0c37a950

  
Dropping
MD5 138f5d6cd922797e126fdc3b22aa618c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4756d7695557a0c18e9f662cb1b17639cacf4dbc017ee733a62f1b9d0c37a950

Comments