MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 72cd770832a37bf59afc53b9bc86abc8df0db30f0da2c47beaed44b05a9c3ec2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 72cd770832a37bf59afc53b9bc86abc8df0db30f0da2c47beaed44b05a9c3ec2
SHA3-384 hash: 3e3dffee2a6a1e2e87d0433e47bf49a689c3d30e547a3fded8109948be265ddd3babca444f02e6325b89efe87d2e0c23
SHA1 hash: 3d267340b44b793319b54c6403ee6fc57f186f0e
MD5 hash: 00fb8d328a3e9b34025c31680ed2120c
humanhash: three-stream-low-sixteen
File name:RFQ-000083832.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:448'266 bytes
First seen:2020-05-06 10:47:38 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:JerDhbW+vpjL7Hnmx4/iPNZluABCaVtBTbrYxdDO28Fli0VhypBeiROmwAkzRzR7:QRbjHFyNltBTb7NiOOB5URV
TLSH BE942320AE37EB2CA7199D92A3CF6F3C2BD406794576A831451583CD7A061C89EC363F
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: protonmail.com
Sending IP: 103.99.1.158
From: Crystal Tsui<burt.manager@protonmail.com>
Subject: RE:RFQ.OTES URGENT REMARKS
Attachment: RFQ-000083832.rar (contains "RFQ-000083832.exe")

AgentTesla SMTP exfil server:
mail.pptoursperu.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 01:55:19 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=olgxocbsun57lgx4ko43zbvlzdpq3mypbwrmi67k5vclawu4h3ba._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 72cd770832a37bf59afc53b9bc86abc8df0db30f0da2c47beaed44b05a9c3ec2

(this sample)

AgentTesla

Executable exe 2ed3c334493409927240f012d70190ef7feca44e27416cede763011ac187c4ef

  
Dropping
MD5 6af267ac464e76c1d7c0b39c258ae7dd
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2ed3c334493409927240f012d70190ef7feca44e27416cede763011ac187c4ef

Comments