MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c6f30c84451fe9a1bbdc07466701536f29ecec1d71f58f177a52a1fb982068d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3c6f30c84451fe9a1bbdc07466701536f29ecec1d71f58f177a52a1fb982068d
SHA3-384 hash: 79618d6b9488358d548eff0e72edb20dcbdfe6ec308d07c4949a7c17f857c9aa132351f49b11c1100ff7d9601990773d
SHA1 hash: 9b5810de51c4021cab260d2ded450d44d2b97a99
MD5 hash: 6b5a6c6c2a076446a084e702f6ca4aa0
humanhash: ten-coffee-alanine-grey
File name:RFQ JUNE.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'056'264 bytes
First seen:2020-06-08 07:24:22 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:K3liz1kfQCe/6XWvca2uJ9bvRdGP+A/OX/wLjXEvsk:KVIk9etXpRU/OoLQvsk
TLSH 532533F5F8C972D272FEC10908DFB3B169293177E48581447E0E9BA36A948A2B152377
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: s1.click-servers.com
Sending IP: 85.17.28.200
From: sales5@arrow-egypt.com
Subject: Urgent Request for quotation
Attachment: RFQ JUNE.zip (contains "RFQ JUNE.exe")

AgentTesla SMTP exfil server:
mail.chinagrill.co:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27681.XorExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.AitInject
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 07:26:06 UTC
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hrxtbscekh7jug55yb2gm4avg3zj5twb24pvr4lxuuvb7omca2gq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 3c6f30c84451fe9a1bbdc07466701536f29ecec1d71f58f177a52a1fb982068d

(this sample)

AgentTesla

Executable exe 88e6801d9c92d2dcfc866e3fbdb7af44f8745bf81210ad323349fb09b60a7c37

  
Dropping
MD5 e0a10f32102873178dea3450a986c5eb
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 88e6801d9c92d2dcfc866e3fbdb7af44f8745bf81210ad323349fb09b60a7c37

Comments