MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51f3186099df8f824da6051525210022dad79f42b367d483c2d9d5a3bdede0e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 51f3186099df8f824da6051525210022dad79f42b367d483c2d9d5a3bdede0e7
SHA3-384 hash: f2d63a7eac248bca2d4ed0a70d3ad0fe412b5337454bf740b4fee3bae9704285d0bfd860f14b832b38bc458e4842acda
SHA1 hash: 4b801cc11fadd016d2fd80a78a38a23f010d3168
MD5 hash: 99c5f3ea4d4587345947725ca82ac3f1
humanhash: monkey-texas-georgia-edward
File name:Quote 1-2.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:487'486 bytes
First seen:2020-07-29 14:40:31 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:10bHPQ4KSewkbgS0fiQyg17YYYqu41IH2:10bHokkBeiA17YYvIH2
TLSH 7CA4236B40E7BB8B717A5A689D9C6A7BDF74A30A49034480C1D7699C75D08F3043E8BF
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: svr111.phsserver.net
Sending IP: 203.175.162.15
From: Alexios Eliyah <test@shanghaicentury.com.sg>
Reply-To: Alexios Eliyah <milliano@mail.com>
Subject: Please confirm Quote # 1-2
Attachment: Quote 1-2.rar (contains "Quote 1-2.exe")

AgentTesla SMTP exfil server:
smtp.autoshorp.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/51f3186099df8f824da6051525210022dad79f42b367d483c2d9d5a3bdede0e7/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=khzrqyez36hyetngaukskiiaelnnph2cwnt5ja6c3hk2hppn4dtq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Farheyt
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/51f3186099df8f824da6051525210022dad79f42b367d483c2d9d5a3bdede0e7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 51f3186099df8f824da6051525210022dad79f42b367d483c2d9d5a3bdede0e7

(this sample)

AgentTesla

Executable exe 3d45c2d722943f528c0d86394c729d962a122f2fde067e69870220cdfb54cbe1

  
Dropping
MD5 22bcaeb1797cfb834c9674e909eb695a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3d45c2d722943f528c0d86394c729d962a122f2fde067e69870220cdfb54cbe1

Comments