MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 384ee16633dcbadf2f4e1be25727831ea3f0fd0841e4487d5565a08f952d2352. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3


SHA256 hash: 384ee16633dcbadf2f4e1be25727831ea3f0fd0841e4487d5565a08f952d2352
SHA3-384 hash: fbb23ac7c79e993b6cbf12087d22ed97506096af07e8102373dc4d5a76fd3be53933241c52b795494e8d4bc3bc4420ed
SHA1 hash: f94083e952bfd2b748174fe5eee955d00ef08cd9
MD5 hash: 7b22501d55fa735ea4968daa6b9438cc
humanhash: lithium-lake-early-summer
File name: Urgent Inquiry HEC RFQ.cab
Signature: AgentTesla
File size: 548'897 bytes
First seen: 2020-06-17 06:09:16 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 12288:cyayfUVsaUfFxLT1De/gL64DXrasYQwSlroDwenHfmUxyXe38kg1H3I3F:FhayxLB0ge4DlYElroDB/1AuMkg12F
TLSH: 31C4238ED276389C250670F1F068C89E8A1DDBBCFB6C5F66DA4577A4A340C9E57E4022
Reporter: abuse_ch
Tags: AgentTesla cab


abuse_ch
Malspam distributing AgentTesla:

HELO: mail0.106.samsongula.casa
Sending IP: 161.35.199.253
From: Giney Er (Ms) <GineyEr@hdec.co.kr>
Subject: Urgent Inquiry (RFQ)
Attachment: Urgent Inquiry HEC RFQ.cab (contains "Urgent Inquiry (HEC RFQ).exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-17 06:11:03 UTC
AV detection: 34 of 48 (70.83%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    cab 384ee16633dcbadf2f4e1be25727831ea3f0fd0841e4487d5565a08f952d2352 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments