MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc1e833ab5040910bdb5160f8772e59c1d1aef3a7ee550e7f4b4ccf73f821df2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bc1e833ab5040910bdb5160f8772e59c1d1aef3a7ee550e7f4b4ccf73f821df2
SHA3-384 hash: ae688384ee1dfaf56cd15b7886430393af30210cb5dbef5b63a426c1f9f084b275edba709b8cc177ae5ff3bf81c47329
SHA1 hash: 165d5f1ebd8118429336b0f6d388cfbea36fb153
MD5 hash: af4f36726ef5422a1358bb8f7385f9bc
humanhash: princess-nitrogen-zebra-cold
File name:PRICE LIST AND PO .3002312.lzh
Download: download sample
Signature AgentTesla
Create hunting rule
File size:960'984 bytes
First seen:2020-04-30 12:18:55 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:mnSTO7o8cKlsOhSi6x7uEpThxqvkkfK1wCHX4ShuaY0YD1/S:8SSs8cmX6x7u4rqvkZjjuam1K
TLSH 821533F7C02E99A2B2295F649723734D083DDD056790E82B99F5FFA7285F187D4A3820
Reporter abuse_ch
Tags:AgentTesla lzh


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sonic310-50.consmr.mail.ne1.yahoo.com
Sending IP: 66.163.186.231
From: Maria Bianchi <christinabrown26@yahoo.com>
Reply-To: Maria Bianchi <christinabrown26@yahoo.com>
Subject: Fw: RFQ FOR QUOTATION [UPDATED PRICELIST]
Attachment: PRICE LIST AND PO .3002312.lzh (contains "PRICE LIST AND PO .3002312.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Script-AutoIt.Trojan.Predator
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 12:37:17 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
16 of 48 (33.33%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xqpigovvaqerbpnvcyhyo4xftqorv3z2p3svbz7uwtgpop4cdxza._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar bc1e833ab5040910bdb5160f8772e59c1d1aef3a7ee550e7f4b4ccf73f821df2

(this sample)

AgentTesla

Executable exe 61a1e5d143ee0c8d5929ac7386b60fa13baf8e43745f644aebc970e267b6f67a

  
Dropping
MD5 42dba3c7eabbd9d3173d290e9fe1c1f3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 61a1e5d143ee0c8d5929ac7386b60fa13baf8e43745f644aebc970e267b6f67a

Comments