MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a27cec7e884a1c909135334f925554c280c1a36e7c9d696d414d23842453f2b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3
SHA256 hash: a27cec7e884a1c909135334f925554c280c1a36e7c9d696d414d23842453f2b9
SHA3-384 hash: fb1a69c34522a9151957a668dffb282809b36dfcf601e3a844000b658aaca8f8ec3ba04c7301309cc9b17cfa39a0e318
SHA1 hash: 61ff0f3229fd46b0c93b65dd5609db354b950f2d
MD5 hash: 290103bad9483c1829798e9d629205e8
humanhash: alanine-michigan-jersey-nebraska
File name: catalog.z
Signature: AgentTesla
File size: 393'531 bytes
First seen: 2020-06-08 05:10:55 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:vtLve+GjEHRboa8IWeHz8HPlIx9ewlzKWr8is37LOPvPqKQCI84InofiGRKxJVn:E+z5dHGIvRlmWrxs3PnKj4Wei/JJ
TLSH: 9784232594F40B58DA773A0BB80F97E231B965CEE420D5BF5002E452BBB6A5C5F3BE01
Reporter: abuse_ch
Tags: AgentTesla z

abuse_ch
Malspam distributing AgentTesla:

HELO: nurgroupbd.com
Sending IP: 156.96.157.101
From: INFO<harun@nurgroupbd.com>
Subject: New partner enquiry
Attachment: catalog.z (contains "catalog.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-08 05:12:07 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: AgentTesla
File type: z
SHA256: a27cec7e884a1c909135334f925554c280c1a36e7c9d696d414d23842453f2b9 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments