MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a6e5b948d0d263d657b07c82c539b54ac3b9e0b158c2eee6494870c0731789ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a6e5b948d0d263d657b07c82c539b54ac3b9e0b158c2eee6494870c0731789ee
SHA3-384 hash: e98d360711d178007d1894e1dcca2eb881158358a6ca39fb9989a8db48993f32d733eab85e1bbae5faabddd6b9104eaa
SHA1 hash: c2334eac7456b9c139f4fa33240ad9cf77fdf58b
MD5 hash: a318483a2f61ed34e40257926aa60e95
humanhash: angel-bravo-river-potato
File name:PARTS REQUEST SO_30005141.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:668'478 bytes
First seen:2021-01-22 06:29:12 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:WDfqALUBKVGLiaMrpSQA3rwN36S9XE5ZvIvu9dOyqB/E7vpp8MmdQRLHA1:W+ALU4qNMvA3MhN2RSWbM/KydaHA1
TLSH 07E42317038C53C0A5068E429CA43E01B4B394D684F172A56DA1584EF9BBDFFFBD266E
Reporter cocaman
Tags:AgentTesla gz


Avatar
cocaman
Malicious email (T1566.001)
From: "Order <order@glunz-jensen.com>" (likely spoofed)
Received: "from glunz-jensen.com (unknown [185.222.57.238]) "
Date: "21 Jan 2021 11:13:31 -0800"
Subject: "Part Request / SO_30005141"
Attachment: "PARTS REQUEST SO_30005141.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
117
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a6e5b948d0d263d657b07c82c539b54ac3b9e0b158c2eee6494870c0731789ee/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-21 12:10:34 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
6 of 44 (13.64%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=u3s3ssgq2jr5mv5qpsbmkonvjlb3tyfrldbo5zsjjbyma4yxrhxa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a6e5b948d0d263d657b07c82c539b54ac3b9e0b158c2eee6494870c0731789ee

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz a6e5b948d0d263d657b07c82c539b54ac3b9e0b158c2eee6494870c0731789ee

(this sample)

AgentTesla

Executable exe 3f1f5532911efbb82c03e4c3ad1bd72452c4030b8647cf2098a782d9501f4368

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3f1f5532911efbb82c03e4c3ad1bd72452c4030b8647cf2098a782d9501f4368
  
Dropping
AgentTesla

Comments