MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 84e8a8c3b516926b7cfa5191d2db10b654a4b78754eea00fde2a80918abb4b58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 84e8a8c3b516926b7cfa5191d2db10b654a4b78754eea00fde2a80918abb4b58
SHA3-384 hash: 7f499a0dd92b18a78c2a89b9db0a98a5650df4547e654ec7150a85ccc302bd9ae9cd4f27ae6752e563204b3a9a70b3db
SHA1 hash: 0a57b22ded1311b66aed4811e75700cea2ab1125
MD5 hash: 08b315c5374b1a5e580e1b4f90413d5e
humanhash: high-utah-stream-sink
File name:RFQ official SPECS 0022c_pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:475'163 bytes
First seen:2020-06-19 06:03:43 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:j5orvcEPgDEg4V3ewMXd1VmR8dq3wT0RJ/sE4S:dozc9gV4PHqgT0RkS
TLSH B2A423C30FCEAB41F6452452607FB52AF3B479EF79D21A501A3B30765B626DDC01DA88
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: infonet.com.vn
Sending IP: 162.144.74.195
From: LKC SHIPPING & LOGISTICS SDN BHD <thomas@lkc-hid.com>
Subject: RE: Request For Quotation/Official
Attachment: RFQ official SPECS 0022c_pdf.gz (contains "INVOICE 0022c.exe")

AgentTesla SMTP exfil server:
smtp.hk-gruop-sg.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Variant.Graftor.775012.17510.17428.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-19 06:05:14 UTC
AV detection:
35 of 48 (72.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qtukrq5vc2jgw7h2kgi5fwyqwzkkjn4hktxkad66fkajdcv3jnma._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 84e8a8c3b516926b7cfa5191d2db10b654a4b78754eea00fde2a80918abb4b58

(this sample)

AgentTesla

Executable exe d59050a250600d11ef74a166049807095bfee68ba3b58b01ab65f4527c55142c

  
Dropping
MD5 45f1c001f4a4f53f1e86a66318001cbf
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d59050a250600d11ef74a166049807095bfee68ba3b58b01ab65f4527c55142c

Comments