MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7241f15e3789a011806223b47dd8d9d36fef61b1c2bf8de9ae5cedcd4479ec83. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3

SHA256 hash: 7241f15e3789a011806223b47dd8d9d36fef61b1c2bf8de9ae5cedcd4479ec83
SHA3-384 hash: 06fddf6ed4aa252179c37fb9c2bc8d92f2625a083362f34a885dda5b8328c4fb0c4642681a6f1a20781193375f9fc46b
SHA1 hash: eec34e257a5e658e59954782b53a3738d112c7bf
MD5 hash: 7b551ee66204412d9b7c58d322c27919
humanhash: moon-ten-floor-magnesium
File name: ITEM_M11A.01A_Z1_Equip2.xz
Signature: AgentTesla
File size: 429'601 bytes
First seen: 2020-05-12 06:31:29 UTC
Last seen: Never
File type: xz
MIME type: application/x-rar
ssdeep: 12288:Cj8TiQY9gefKsb2QU0cK2V/VoN4BMlr6pL+N:E8TAgefKsbHcKxlW6
TLSH: 8194238B0643E0BE8F98679E29D7F4C381C0BD1F5FB811CE60D6561599B222625E38F7
Reporter: abuse_ch
Tags: AgentTesla xz


abuse_ch
Malspam distributing AgentTesla:

HELO: jone.com
Sending IP: 185.35.64.63
From: Apiwat Yotin <ctcigrp@ctci.com>
Reply-To: bbkeIc@outlook.com
Subject: RFQ of CFP Crude Oil Tank Project: 19P3792A-M11A.01A_Z1#Piping Equip: Chonburi
Attachment: ITEM_M11A.01A_Z1_Equip2.xz (contains "File.exe")

AgentTesla SMTP exfil server:
mail.tremdyclub.net:587
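The following Python script is an added example, not part of the MalwareBazaar entry or of abuse_ch's report. It turns the indicators above into two quick triage checks a responder would run on this kind of malspam: whether the attachment's magic number agrees with its extension (the entry itself lists File type xz but MIME type application/x-rar, so the container should be sniffed rather than trusted by name), and whether mail or firewall logs mention the sending IP, HELO, Reply-To or SMTP exfil host. The log lines and attachment bytes are constructed for the demonstration, the magic numbers are public format constants, and the displayed From address is left out of the indicator list because a display sender is trivially spoofed.

```python
"""Added triage helpers for the attachment described in this entry (example code)."""

# Indicators copied from the MalwareBazaar entry above. The From address is
# deliberately omitted: it is easily spoofed and matching on it would flag
# legitimate mail from that domain.
IOCS = [
    ("sha256", "7241f15e3789a011806223b47dd8d9d36fef61b1c2bf8de9ae5cedcd4479ec83"),
    ("sha1", "eec34e257a5e658e59954782b53a3738d112c7bf"),
    ("md5", "7b551ee66204412d9b7c58d322c27919"),
    ("sending_ip", "185.35.64.63"),
    ("helo", "jone.com"),
    ("reply_to", "bbkeIc@outlook.com"),
    ("exfil_host", "mail.tremdyclub.net"),
]

# Public magic numbers of common archive containers (format constants, not
# bytes taken from this sample). RAR5 is listed before RAR4 because both
# share the first six bytes.
MAGIC = [
    ("xz", b"\xfd7zXZ\x00"),
    ("rar5", b"Rar!\x1a\x07\x01\x00"),
    ("rar4", b"Rar!\x1a\x07\x00"),
    ("zip", b"PK\x03\x04"),
    ("7z", b"7z\xbc\xaf\x27\x1c"),
]

# Which sniffed formats legitimately carry which extension.
EXT_TO_FORMATS = {"xz": {"xz"}, "rar": {"rar4", "rar5"}, "zip": {"zip"}, "7z": {"7z"}}


def sniff_container(data: bytes) -> str:
    """Return the container format implied by the leading bytes, or 'unknown'."""
    for name, sig in MAGIC:
        if data.startswith(sig):
            return name
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the extension claims a format the magic number does not confirm.

    Unknown containers and extension-less names also count as mismatches so
    they are surfaced for manual review instead of silently passing.
    """
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return sniff_container(data) not in EXT_TO_FORMATS.get(ext, set())


def match_iocs(lines):
    """Return (line_index, ioc_name) for every log line that mentions an IOC.

    Matching is a case-insensitive substring search over the raw line, which
    is enough for hashes, IPs, host names and addresses in typical MTA and
    firewall logs.
    """
    hits = []
    for i, line in enumerate(lines):
        lowered = line.lower()
        for name, value in IOCS:
            if value.lower() in lowered:
                hits.append((i, name))
    return hits


# Constructed log lines for the demonstration (not real telemetry).
SAMPLE_LOGS = [
    "2020-05-12T06:20:11Z smtpd: connect from 185.35.64.63 helo=jone.com",
    "2020-05-12T06:20:12Z smtpd: reply-to=<bbkeic@outlook.com> attachment=ITEM_M11A.01A_Z1_Equip2.xz",
    "2020-05-12T06:31:40Z fw: allow tcp 10.0.0.23:49812 -> mail.tremdyclub.net:587",
    "2020-05-12T06:32:01Z fw: allow tcp 10.0.0.23:49813 -> mail.example.net:587",
]

# Constructed attachment bytes: a RAR4 header under an .xz name, mirroring the
# entry's xz-versus-application/x-rar disagreement.
SAMPLE_ATTACHMENT = b"Rar!\x1a\x07\x00" + b"\x00" * 16


if __name__ == "__main__":
    name = "ITEM_M11A.01A_Z1_Equip2.xz"
    print(name, "sniffed as", sniff_container(SAMPLE_ATTACHMENT),
          "- extension mismatch:", extension_mismatch(name, SAMPLE_ATTACHMENT))
    for idx, ioc in match_iocs(SAMPLE_LOGS):
        print(f"log line {idx}: {ioc}")
```

Run it against a real mailbox export or firewall log by replacing SAMPLE_LOGS; the hash indicators only fire if your log pipeline records attachment hashes, so the network and envelope indicators usually do the work in practice.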

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Frs
Status: Malicious
First seen: 2020-05-12 06:36:03 UTC
File Type: Binary (Archive)
Extracted files: 9
AV detection: 17 of 48 (35.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Signature: AgentTesla
xz 7241f15e3789a011806223b47dd8d9d36fef61b1c2bf8de9ae5cedcd4479ec83 (this sample): dropping AgentTesla
