MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 694b53fa187a7d4503ec584bead546aabbf0c4ef97cb9f2adeb76d2b2bb6ace1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	694b53fa187a7d4503ec584bead546aabbf0c4ef97cb9f2adeb76d2b2bb6ace1
SHA3-384 hash:	6d344fc73501c0bdbea7876fa8f54960a3717fff05282f1c89f440aaf99417fd8d94d8b749a585fc1ef5b41aab399493
SHA1 hash:	f88e59c9316003c221464ec737a4a4ff4ea80459
MD5 hash:	d1c1955501c02563d93dfa5a4dcfe95b
humanhash:	speaker-dakota-michigan-zulu
File name:	RFQ-007-1220-SA-SHARJAH.IMG
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	1'310'720 bytes
First seen:	2020-08-18 07:39:17 UTC
Last seen:	Never
File type:	img
MIME type:	application/x-iso9660-image
ssdeep	12288:HzSNLQlFJeom9UyulPQn+G4mnctd+mUO2eRmEmHr5XWvOe+mopfu6DA4zgeC:TSFkFJebUysPQn+KCd+mWKmTV08uPSC
TLSH	F7551221329C6365DABB477D0820624223F6F906E721DE9E7E4C525D4F63B86C7A23D3
Reporter	abuse_ch
Tags:	AgentTesla Hostwinds img

abuse_ch

Malspam distributing AgentTesla:

HELO: hwsrv-761670.hostwindsdns.com
Sending IP: 104.168.234.23
From: HAMI PASARGAD KISH <r.baniimahd@petrohami.com>
Subject: Tender Request MOQ- Sharjah007
Attachment: RFQ-007-1220-SA-SHARJAH.IMG (contains "RFQ-007-1220-SA-SHARJAH.exe")