MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aca3e0d454ee6ac6a9870eabd5107155b50782ca45c2af389431c1bebcf526d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aca3e0d454ee6ac6a9870eabd5107155b50782ca45c2af389431c1bebcf526d5
SHA3-384 hash: 8b4ba4ffdc75620bd5a6c870821b0f9630cf2fa075dadc4bd4f7ff53595081c04ec573693417fe3dc03b34a67ac80682
SHA1 hash: 613f31184f40f1dd78613fbaf353cd4d1dd2b32e
MD5 hash: f1582cec65267d601f90693a2da355e7
humanhash: crazy-jig-vegan-hydrogen
File name:Inquiry.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:377'034 bytes
First seen:2020-06-15 12:00:25 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:au+1JOvMiosb2xBwTlwVYazzmXdrTKNmlarDtS/sACOlVBsN6fZycqzCiKaKjJ:R4J4MiP2sT+VYPXBicYY0AllV4OiuJ
TLSH C58423902EE8176D7771AFA3B23BC640C581A56EE7C0CB79900BDDC42B54113BA8DF69
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: hotmail.com
Sending IP: 185.118.165.172
From: Purchase <redsaail@hotmail.com>
Reply-To: f22_raptor@zoho.com
Subject: Re: inquiry
Attachment: Inquiry.rar (contains "Inquiry.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 12:02:04 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vsr6bvcu5zvmnkmhb2v5kedrkw2qpawkixbk6oeugha35phve3kq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar aca3e0d454ee6ac6a9870eabd5107155b50782ca45c2af389431c1bebcf526d5

(this sample)

AgentTesla

Executable exe e4a764560fc747261834c1568d5280725a64036f720ad42ce847353cb4841331

  
Dropping
MD5 e8c598e19b7524c99ffa658613638d5d
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e4a764560fc747261834c1568d5280725a64036f720ad42ce847353cb4841331

Comments