MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 695b31784c56f2c72dc57a0f354326ac71b374300e0370d64f70cac29e963876. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	695b31784c56f2c72dc57a0f354326ac71b374300e0370d64f70cac29e963876
SHA3-384 hash:	777079d94736fd978ce5b9034350f297ef19e20f85b14c6da0a2d76870204c44a7e602444f7311857c7e366a1ac50c20
SHA1 hash:	baf571b92436b9901ece1b5887ae478e10c3eb3e
MD5 hash:	368e8738d3e4d31540f07bd65725d46b
humanhash:	glucose-idaho-crazy-kilo
File name:	Offer Require 200444.gz
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	476'299 bytes
First seen:	2020-08-18 11:44:07 UTC
Last seen:	Never
File type:	gz
MIME type:	application/gzip
ssdeep	12288:jpI2UU1WH9DWDrvErGzzdJ5bGVmikmJgH7WBMuoky+eEKR:a2grGdJem9cgH70MYFG
TLSH	FBA42339EC63489C20E5BC462FA8595548EC0CDC36E1488F1A5D0FD4A4EEAADBF55F0E
Reporter	abuse_ch
Tags:	AgentTesla gz

abuse_ch

Malspam distributing AgentTesla:

From: Sunil Telkar <info@himsanpolymer.com>
Subject: RE: Offer Required
Attachment: Offer Require 200444.gz (contains "Offer Require 200444.exe")

AgentTesla SMTP exfil server:
smtp.ikrrispharmanetwork.com:587

AgentTesla SMTP exfil email address:
amazing.grace@ikrrispharmanetwork.com