MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ec65e121d3ba55db9e47230767bfee0715818c3e1d5bb15020fe5cc771f085a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3ec65e121d3ba55db9e47230767bfee0715818c3e1d5bb15020fe5cc771f085a
SHA3-384 hash: dd7f653f0a35439eb01e031e25ea236fd9806558ced0791023b19c9ba775124ee8d3cdd40110264da46f7ee115001ced
SHA1 hash: cc29e4606beddfcaa602becf817c246f0e329ff1
MD5 hash: fa8663be82ec2b5a48fcda0ae1c9702c
humanhash: jig-aspen-item-california
File name:INV13072020PO77463.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:399'360 bytes
First seen:2020-07-13 08:23:31 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:p5vD8Zdx7VUT25tbT2v/pL4iwb6WDywKWczUpeZdcLxdmTHiJ:YZfVUhLc6OMzLJCJ
TLSH BE841245879B8B37DDDA8A7D7E666B40C3AE49018919F348370E3359A73330246277B7
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: vps.salvus.co.id
Sending IP: 103.247.11.44
From: XU GENLUO <info@meritideas.com>
Reply-To: info@dennisbearman.com
Subject: Re: COVID -19 Urgent Order Request
Attachment: INV13072020PO77463.img (contains "INV13072020PO77463.exe")

AgentTesla SMTP exfil server:
smtp.tpts4seed.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject3.44601.22368.1864.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3ec65e121d3ba55db9e47230767bfee0715818c3e1d5bb15020fe5cc771f085a/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 08:25:05 UTC
AV detection:
12 of 29 (41.38%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=h3df4eq5hosv3opeoiyhm6764byvqggd4hk3wficb7s4y5y7bbna._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 3ec65e121d3ba55db9e47230767bfee0715818c3e1d5bb15020fe5cc771f085a

(this sample)

AgentTesla

Executable exe e98b23f13bd43ef55774986242d5a27c07c59d576b6c8a8aff136e98620d87e1

  
Dropping
MD5 726878100613c88b1fe3e43ff71fb74e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e98b23f13bd43ef55774986242d5a27c07c59d576b6c8a8aff136e98620d87e1

Comments