MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b295fdaa118ce9c9fee9a2b3dc163a863d9db2b9ee3a54d6b8fa3874f2782391. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b295fdaa118ce9c9fee9a2b3dc163a863d9db2b9ee3a54d6b8fa3874f2782391
SHA3-384 hash: 577174318a6654d6ba571567142d5c600ae77d5cfd3fa51d83985cfb6446b4fe22578d39323e8284142bfaf9048a3a66
SHA1 hash: cd33052d1aaa041a9336654ac43b916abfd78fc8
MD5 hash: 9f31ed3b088f5e8557188dc6d9a524bd
humanhash: sodium-kentucky-yellow-early
File name:purchase order.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:382'747 bytes
First seen:2020-06-15 12:25:57 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:uSEJRvD+mmU3XRdhe77tbuOvrr5F7B9IgBBC55bSgBH3dw9d7+Yq2pZrxMSg0ly:u5J9Uos77tzr319IcMBBXdwrSYTpZrxE
TLSH A88423A46CDEB70E021D45B2323893AF4EE357AD1D6E2E29C5FC194F36D5086C6C69E0
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: rattigani.pw
Sending IP: 104.168.145.121
From: Sureerat Peterson < hr@rattigani.pw >
Subject: QUOTATION ORDER
Attachment: purchase order.gz (contains "purchase order.exe")

AgentTesla SMTP exfil server:
smtp.laovpet.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Injuke
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 12:27:08 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wkk73kqrrtu4t7xjukz5yfr2qy6z3mvz5y5fjvvy7i4hj4tyeoiq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz b295fdaa118ce9c9fee9a2b3dc163a863d9db2b9ee3a54d6b8fa3874f2782391

(this sample)

AgentTesla

Executable exe f0846ad4104e2d3e723daf5f0773efccdf243e5902cab9700ee1e3c03d8af771

  
Dropping
MD5 95e7049e1c5835dc0eeb9a66a65f32ed
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f0846ad4104e2d3e723daf5f0773efccdf243e5902cab9700ee1e3c03d8af771

Comments