MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f389d6b8af5ded5ed7997cf640b0267553c7fe28e17e0ae23586f15e3c5ea63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	6f389d6b8af5ded5ed7997cf640b0267553c7fe28e17e0ae23586f15e3c5ea63
SHA3-384 hash:	0bbc7b59b4eea6d34a3fb0d57ce75e860400c513af4d69d36e36411a52f1b3c361080f39bfcc30a18b315cc41897beb2
SHA1 hash:	f6fc0a0de48ab40c4ea23920d0dc6cea0c7614f6
MD5 hash:	e432d4422a2698e26c1cd7036b9704c3
humanhash:	stream-single-cat-pennsylvania
File name:	MV NAHIDE-M EDPA REQUEST FOR SHIPYARD CALL.rar
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	629'167 bytes
First seen:	2020-08-20 06:27:07 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	12288:s5ilIo2tlEODj3KDmm5b5K2U75RcepmcowWFLv1mAAY8/JxgQZ1VsTr:s1EwaDme83CzLvYB/gQzqP
TLSH	60D42335FF1D91BE96F0C1AD34B30B76A30289531156DB30B7693E0B72B850AA16FD86
Reporter	abuse_ch
Tags:	AgentTesla rar

abuse_ch

Malspam distributing AgentTesla:

From: "Panlink Shipping Agency(Jiangyin) Co.,Ltd " <agency@panlinklogistics.com>
Reply-To: howardbrisson@gmail.com
Subject: MV NAHIDE-M // EDPA REQUEST FOR SHIPYARD CALL
Attachment: MV NAHIDE-M EDPA REQUEST FOR SHIPYARD CALL.rar (contains "MV NAHIDE-M EDPA REQUEST FOR SHIPYARD CALL.exe")