MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d334fca4d49f94001f4022c230a2b482730cbb9b73b6e226789d3ee2e7ab731. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6d334fca4d49f94001f4022c230a2b482730cbb9b73b6e226789d3ee2e7ab731
SHA3-384 hash: b208f3d7212b6c76f65484398e39a7aeb691a01aa38b9234455f1d54c10c87630e3c4eddca51921e935eba48c1197fce
SHA1 hash: 2117609cef5baac9028b111734ebf98b19de3d87
MD5 hash: 6ad457bb8013c8dbc4f84e53ea029240
humanhash: iowa-monkey-orange-alabama
File name:invoice payment.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:326'020 bytes
First seen:2020-11-19 08:23:20 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:GH3+pBzipah2ucIO7CZeHMPoEOU0UmAZEDIYTtz6duilgaw7AyrOi:raah2np7CZAUIDFiMp9
TLSH 9C6423CBF469F99A42D5D22CAF8BCD6DC0676F0DAAE5D0D0CDBE8818D95CECC01446A1
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: host.gtoolswebmail.ga
Sending IP: 52.152.234.132
From: user444@gtoolswebmail.ga
Subject: RE:Invoice Payment - TT Copy Attached
Attachment: invoice payment.rar (contains "invoice payment.exe")

AgentTesla SMTP exfil server:
smtp.scientificlevel.com:587

AgentTesla SMTP exfil email address:
info@scientificlevel.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
136
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6d334fca4d49f94001f4022c230a2b482730cbb9b73b6e226789d3ee2e7ab731/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-19 08:24:05 UTC
AV detection:
14 of 48 (29.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nuzu7ssnjh4uaapuaiwcgcrljattbs5zw45w4ithrhj64lt2w4yq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 6d334fca4d49f94001f4022c230a2b482730cbb9b73b6e226789d3ee2e7ab731

(this sample)

AgentTesla

Executable exe 1b54c0c81ad125c0f59856c326b08527a95081b578b2afc0e587884b11200e3a

  
Dropping
MD5 bfb3e62256b847013b1bc417bd718a79
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1b54c0c81ad125c0f59856c326b08527a95081b578b2afc0e587884b11200e3a

Comments