MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6ca3d3838ebfc19f62421e6e264e0f87ddd084f202012dbe2883d8efaffd81fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3

SHA256 hash: 6ca3d3838ebfc19f62421e6e264e0f87ddd084f202012dbe2883d8efaffd81fb
SHA3-384 hash: edd5d2233c69376680ef36416ff65121167d6758cfaaf3dcd04fe28e585911fcbb54110468eab2456a6c3d8570ec4e1a
SHA1 hash: db80f2f1af68443363b4f3997208e62629a37199
MD5 hash: 8dc4cdb409a8b61424580908fa19e1cd
humanhash: virginia-pizza-venus-purple
File name: NEW RFQ MTECH.Gz
Signature: AgentTesla
File size: 332'355 bytes
First seen: 2020-11-13 06:47:15 UTC
Last seen: 2020-11-13 10:26:21 UTC
File type: gz
MIME type: application/x-rar
ssdeep: 6144:2dNTh8f/wU4lglm8PqaYgNFtgDsVYfPtQ1r/ymdU81jeJ6YP5SdX2nke:2dYIUeg0ctgv90qm+81TYRn
TLSH: C36423662D40FC057E5E3F68264EACC8B141AA39638E6B6398D109D4D530B4DCBDB4FB
Reporter: cocaman
Tags: AgentTesla gz


cocaman
Malicious email (T1566.001)
From: "Luna Cheng <salespnh@galileocambodia.com>" (likely spoofed)
Received: "from galileocambodia.com (unknown [37.49.225.191]) "
Date: "12 Nov 2020 20:30:44 +0100"
Subject: "URGENT RFQ - ADNC TAIWAN Please quote your most competitive rates"
Attachment: "NEW RFQ MTECH.Gz"

Intelligence


File Origin
# of uploads: 2
# of downloads: 102
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.NanoCore
Status: Malicious
First seen: 2020-11-12 03:05:51 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla, gz 6ca3d3838ebfc19f62421e6e264e0f87ddd084f202012dbe2883d8efaffd81fb (this sample)
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla
