MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c3b45e6d6265197ba3924d89a6a824e31918e48df05a21c130ac9921d3f27a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3c3b45e6d6265197ba3924d89a6a824e31918e48df05a21c130ac9921d3f27a9
SHA3-384 hash: 903ebcdf7f87504d14e1a3a4c6764b829e14e8adfb87833b4beb0005af285b8dba1ec45f13240b41309bdc922604c18c
SHA1 hash: 106e27db39b501be1a1fdbe102aae113e94adb47
MD5 hash: 1864a8d42ebe62b33c86d53e38eb5e68
humanhash: montana-fifteen-alanine-video
File name:ALWAKRA PROJECT_REF0002325062018_DA26.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:483'978 bytes
First seen:2020-07-09 08:29:00 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:CQ/ikmOQSiCqw1+lg+lpUajksAnB7FpymNaa:t/Ngw1wggDjHAnljygP
TLSH FCA423E9D896EDFAB570E73E4FC149302FA8B83A22D543620729F1C22C9074354BD57A
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: osp.co.tz
Sending IP: 103.99.0.50
From: Procurement Department<info@osp.co.tz>
Subject: RFQ: ALWAKRA PROJECT_REF00023#25062018#_DA25
Attachment: ALWAKRA PROJECT_REF0002325062018_DA26.z (contains "ALWAKRA PROJECT_REF00023#25062018#_DA26.exe")

AgentTesla SMTP exfil server:
mail.mytravelexplorer.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3c3b45e6d6265197ba3924d89a6a824e31918e48df05a21c130ac9921d3f27a9/
Threat name:
Win32.Trojan.Bluteal
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 08:30:11 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hq5ulzwwezizporzetmju2ucjyyzddsi34c2ehatblezehj7e6uq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 3c3b45e6d6265197ba3924d89a6a824e31918e48df05a21c130ac9921d3f27a9

(this sample)

AgentTesla

Executable exe a0b5afcab56631d737decbb0378a3aa681f0d053fba8b829a039b452c0be79ed

  
Dropping
MD5 b42a75b9f278b66aeb068ef55e6cdd12
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a0b5afcab56631d737decbb0378a3aa681f0d053fba8b829a039b452c0be79ed

Comments