MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 715ffdccd7a864638a726085c4a43cde56b1060e0be3e474c61e01ce0f0c4eaa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 715ffdccd7a864638a726085c4a43cde56b1060e0be3e474c61e01ce0f0c4eaa
SHA3-384 hash: d5fbd31083b2e609bfefda7f0636227213fabb46d168b8fcffa119b0403fc95818c40240564dc35dc803d5539a9b0b12
SHA1 hash: 42c1f15b3fc97dcab0dc54e73ffefc1d8e2f7861
MD5 hash: 054075b2e54225ff5e4f4c4f52dfefef
humanhash: island-november-nebraska-virginia
File name:RFQ2888383PRC_PDF.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:311'816 bytes
First seen:2020-05-06 16:55:38 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:fP9fg8tZ7zM2mI/S2JCMu/0vYhna6VNYBCRNjhE5BOiIxhVX:fLZ7Rfq2nvYhnBpK3OiIxT
TLSH C5642314460ECFAEA66C721A3EF4F11A57A305B3EB9C33DDC2E09868F59E648D434176
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: [209.58.149.66]
Sending IP: 209.58.149.66
From: Liakhat Hussain <com_sec@unisteel.com.sa>
Subject: UNIS-TRADE PURCHASE ORDER
Attachment: RFQ2888383PRC_PDF.gz (contains "gunzipped")

AgentTesla SMTP exfil server:
smtpout.asia.secureserver.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.gh.16103.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 07:06:55 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
18 of 31 (58.06%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ofp73tgxvbsghctsmcc4jjb43zllcbqobpr6i5ggdya44dymj2va._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 715ffdccd7a864638a726085c4a43cde56b1060e0be3e474c61e01ce0f0c4eaa

(this sample)

AgentTesla

Executable exe 799e7b4209f8eaba177033adfeede982f04fc78671aa15d64e57d82b9040a92b

  
Dropping
MD5 38e590b90803aab6db0c7c8a09d8c15f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 799e7b4209f8eaba177033adfeede982f04fc78671aa15d64e57d82b9040a92b

Comments