MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 616f646ee0d2df7b7fe86c35294be4f245981575986d8211be87297a970976d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	616f646ee0d2df7b7fe86c35294be4f245981575986d8211be87297a970976d3
SHA3-384 hash:	436b0eb7fb9e5ea8cb51ade53164b7d95d22a278c1d0cf072d8ecacdf0700ef782c713877b2f192cdea731eee9593c18
SHA1 hash:	72bf78e4ed65f1db36a4e3b39d69a83f95bc13d5
MD5 hash:	97ed33acd68fc20972c76947c4633a8a
humanhash:	montana-robert-tennessee-fruit
File name:	SCAN.zip
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	411'810 bytes
First seen:	2020-07-07 09:03:41 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	6144:YPhebxdRsVjbhKwpS2m9TlE1MUNe74J+iB1zBYTWqu9xY//3z2njxTDH/nAY2Q77:kh5Vj8KBOBsMb0JAuxaoDH/nA+Uo
TLSH	36942352EDA80BCCFC7622268DB2AB3533644926D95552A5FCE0FE914DFE7A2D8CC101
Reporter	abuse_ch
Tags:	AgentTesla zip

abuse_ch

Malspam distributing AgentTesla:

HELO: slot0.uscedich.com
Sending IP: 45.95.169.234
From: Cathy Koerber <info@uscedich.com>
Subject: WIRE CONFIRMATION
Attachment: SCAN.zip (contains "SCAN.exe")

AgentTesla SMTP exfil server:
dies.gr:587