MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc31b6d53dc8cf46b8c30675920e3172c89ba46d6f44c3f1b2e225df5b0abe64. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bc31b6d53dc8cf46b8c30675920e3172c89ba46d6f44c3f1b2e225df5b0abe64
SHA3-384 hash: 7ec8d680ed3767daefddee76011b273d4f3328cb368a30841546db0ac77995d1e564a0097f5fdc9f7afda55c84509c4f
SHA1 hash: d742027038cf0b7301762f9673012b1ff9fde784
MD5 hash: e6be54d25b09b3d73c6a9dc8f2484f6c
humanhash: montana-sweet-march-carolina
File name:New Quotation.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:604'435 bytes
First seen:2020-07-09 06:27:48 UTC
Last seen:2020-07-09 06:34:40 UTC
File type: gz
MIME type:application/x-rar
ssdeep 12288:kCdjPi6P9/a37l+2bLJ8Tw587LPGPOewq6Mis1oJgx1J7U6yljtsOjT9UdILp:kCdjP/s7VLJ8Tw5uo7V6Mis1oC1wT2YT
TLSH 27D4232AD7411B84D7B53425BE18A316B40F0DF896F9EE5B2B025BB067221E844F1AFD
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: trieaglelogistics.com
Sending IP: 172.93.148.220
From: Sanda Kozinda <import@trieaglelogistics.com>
Subject: New Quotation
Attachment: New Quotation.gz (contains "New Quotation.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
3
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bc31b6d53dc8cf46b8c30675920e3172c89ba46d6f44c3f1b2e225df5b0abe64/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 06:29:06 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xqy3nvj5zdhunogdaz2zedrrolejxjdnn5cmh4ns4is56wykxzsa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz bc31b6d53dc8cf46b8c30675920e3172c89ba46d6f44c3f1b2e225df5b0abe64

(this sample)

AgentTesla

Executable exe b3706a5ace23149f5ed6327656b49fa37aacf8814569312ac807c580a1b662d0

  
Dropping
MD5 1ddfef07c40749d9e7f67cf63decfa25
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b3706a5ace23149f5ed6327656b49fa37aacf8814569312ac807c580a1b662d0

Comments