MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 42f2688f472f34cec4293a3da0b34e0f7d20c66272bc7f805ba2d4718d7d37c4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 42f2688f472f34cec4293a3da0b34e0f7d20c66272bc7f805ba2d4718d7d37c4
SHA3-384 hash: 27114feab1600e5e11e5896b84f3971657600822d1d99a2a453671570fa95381aba59bdff72b1f298a2b2c960be4adee
SHA1 hash: b89af4d9da893eba473b08ba1ff885ab243c8e39
MD5 hash: c663b6f042a8ca77056cbe8cdade06ba
humanhash: sierra-red-six-hotel
File name:QUOTATION REQUEST.XLSX.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:362'140 bytes
First seen:2020-06-28 07:37:22 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:+LrhZQaBClbYwLOXCPolv+1bGOi7sUzbfi+8Ml8Oc3avkz+oXijNmEhCgz/aa9ms:+LnZBCVLxolvUbMIUffiAl813avkz+sA
TLSH 827423904A967A1C5A5F0BACD92200F26DF9780F0C62DC9D3D49F2C358EB792943BF58
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.pvchem.com.vn
Sending IP: 103.35.64.83
From: Tong Công Ty DMC <pvchem@pvchem.com.vn>
Subject: QUOTATION
Attachment: QUOTATION REQUEST.XLSX.gz (contains "P.O 899475675857.exe")

AgentTesla SMTP exfil server:
mail.chenklins.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject3.44125.9366.9170.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/42f2688f472f34cec4293a3da0b34e0f7d20c66272bc7f805ba2d4718d7d37c4/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-28 07:39:04 UTC
AV detection:
30 of 48 (62.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ilzgrd2hf42m5rbjhi62bm2ob56sbrtcok6h7ac3ulkhddl5g7ca._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 42f2688f472f34cec4293a3da0b34e0f7d20c66272bc7f805ba2d4718d7d37c4

(this sample)

AgentTesla

Executable exe 3f17b1407dd6b3febc9c19770d1252a7028971382c85a2b9320e416801b2f904

  
Dropping
MD5 a8d15faf6e3251bf85346225ef3b2856
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3f17b1407dd6b3febc9c19770d1252a7028971382c85a2b9320e416801b2f904

Comments