MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d1d629a8c6120297a273791df0f96ab89724a5be40ae364ad00aa00d7e5b69a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6d1d629a8c6120297a273791df0f96ab89724a5be40ae364ad00aa00d7e5b69a
SHA3-384 hash: 0f1d7dd1b4ca94787cf061ac71ae9665a887742b89786a54df4321d19a0cf66c6214a42416bfa355f3197645dda7ffd4
SHA1 hash: a8b6a8068dcf64b3d009d927aba8cd7dc34cc634
MD5 hash: 7bffdda9c81bac229645de40ff33a0ad
humanhash: juliet-black-march-bluebird
File name:NEW P.O FOR TENDER PURPOSE.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:998'501 bytes
First seen:2020-06-03 07:43:02 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:bBzPc53zk+3lfeSWlucn/1hIASNWPx+gUGInNZVjvvXW:skwWJ35xJUGIhj3XW
TLSH 39253319A051DF8D5E17500D32A762CE2C039F3CB4574926CB4F0AA99AF97F9FBC84A4
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: s111-ir-cpanel-trade.maindns.net
Sending IP: 185.165.116.18
From: Dominique Bombelles <tami-info@tami-industries.com>
Reply-To: tami-purchase.industries@gmail.com
Subject: NEW P.O FOR TENDER PURPOSE
Attachment: NEW P.O FOR TENDER PURPOSE.zip (contains "NEW P.O FOR TENDER PURPOSE.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
57
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 04:29:39 UTC
AV detection:
24 of 48 (50.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nuowfgummeqcs6rhg6i56d4wvoexess34qfogzfnacvabv7fw2na._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 6d1d629a8c6120297a273791df0f96ab89724a5be40ae364ad00aa00d7e5b69a

(this sample)

AgentTesla

Executable exe 3afbcc37005070c07060cf6f91ff1da363e4a906f3d6b362f98484d4e9109244

  
Dropping
MD5 cb04d145e305cb0dfaae945b4603922a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3afbcc37005070c07060cf6f91ff1da363e4a906f3d6b362f98484d4e9109244

Comments