MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a63561782dcae79b8c5e93765c4e5983b5a747d0506dbd00f9bc6fb91a70b27a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a63561782dcae79b8c5e93765c4e5983b5a747d0506dbd00f9bc6fb91a70b27a
SHA3-384 hash: 93e7009fc90bc263c0b70edc5a1deeb3c9295f9d99470e44fc51211f82a892ba62b82f8087d45150e42ac23e1adb8026
SHA1 hash: 6e361d3f92bc6d4da8896391c342b2785610bd6b
MD5 hash: 1c6a8dd19e5da0c6da086d9371066533
humanhash: bakerloo-zulu-angel-delaware
File name:Request For Quotation.pdf.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:289'508 bytes
First seen:2020-08-17 06:11:14 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 6144:xqXrdOBVQVhncok1Ay+svdluzuEZ7kk4m5g206xjJkEjY8Ak3:8XpVhcozsSnl4egp6pJhrAk3
TLSH AF5423FB9AC86EF46967856D1113C1BDF7C90058B6EB3C2841E492826BC73DEA910F61
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: winterfell.networkredux.net
Sending IP: 209.191.187.244
From: Che Ain Zulaikha binti Che Zulkarnain <ainzulaikha@mohazet.com.my>
Subject: Request for quotation
Attachment: Request For Quotation.pdf.z (contains "Request For Quotation.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a63561782dcae79b8c5e93765c4e5983b5a747d0506dbd00f9bc6fb91a70b27a/
Threat name:
Win32.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-08-17 06:13:06 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uy2wc6bnzltzxdc6sn3fytszqo22or6qkbw32ahzxrx3sgtqwj5a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a63561782dcae79b8c5e93765c4e5983b5a747d0506dbd00f9bc6fb91a70b27a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z a63561782dcae79b8c5e93765c4e5983b5a747d0506dbd00f9bc6fb91a70b27a

(this sample)

AgentTesla

Executable exe b22c89b7538e1da6bdeadb5eab3df9ab4c76de044017db8045d7bb76049945f9

  
Dropping
MD5 2a0ffb3890a75aba032f61a0297ce7ad
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b22c89b7538e1da6bdeadb5eab3df9ab4c76de044017db8045d7bb76049945f9

Comments