MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a554f6fb7bc80230510b9b5cd4d25bb0b780a36c79dafb33f99ef526bad5849d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a554f6fb7bc80230510b9b5cd4d25bb0b780a36c79dafb33f99ef526bad5849d
SHA3-384 hash: 88ebee829d351ece26d24ecb3dd95d836a1d1b9e06f8f6799296ee8d07b91f8996d84a62a17075a638887a1c502d2c18
SHA1 hash: dd7d26f34034a51a54120f19eccadf389feac5d0
MD5 hash: 8eca1717f20c98299101193c33b5fe94
humanhash: louisiana-kentucky-moon-seven
File name:RFQ_PCPSPIRSZ2020022.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:454'601 bytes
First seen:2020-08-17 14:03:02 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:yJJ+59y4/f0c6yLB5ZRg6ciubT4u7G9YnjLiM0:yYX0obgvFbT5F0
TLSH 22A42335B87E5309287EDDB2F0065ABB13489C583ABCEDF635B85318460118F8A7B9D7
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: itrad3r.com
Sending IP: 78.47.220.153
From: Nurazurin Gaman <zurin@nadioil.com>
Subject: RFQ_PCP/SPIR/SZ/2020/022
Attachment: RFQ_PCPSPIRSZ2020022.gz (contains "RFQ_PCPSPIRSZ2020022.exe")

AgentTesla SMTP exfil server:
mail.actionassist.co.uk:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a554f6fb7bc80230510b9b5cd4d25bb0b780a36c79dafb33f99ef526bad5849d/
Threat name:
Win32.Trojan.Skeeyah
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 14:04:11 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=uvkpn633zabdauiltnonjus3wc3ybi3mphnpwm7zt32snowvqsoq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.61
Link:
https://yomi.yoroi.company/submissions/a554f6fb7bc80230510b9b5cd4d25bb0b780a36c79dafb33f99ef526bad5849d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz a554f6fb7bc80230510b9b5cd4d25bb0b780a36c79dafb33f99ef526bad5849d

(this sample)

AgentTesla

Executable exe 9c92ede459c8248e15a5956e13aeacb9753e9fa24184f3c7e6cd51b5a14c1677

  
Dropping
MD5 1a7f109b6ec5ded27b06bbae2aaa0006
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9c92ede459c8248e15a5956e13aeacb9753e9fa24184f3c7e6cd51b5a14c1677

Comments