MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd91bc5a5771aac112a697a5960146ee9a1a7fe657d82a24d1d566931066d201. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: bd91bc5a5771aac112a697a5960146ee9a1a7fe657d82a24d1d566931066d201
SHA3-384 hash: 0e305af9c4b489a5325a861436b99498352a46d22bc6cc91b0d2d983f91ac9562d1368048ac5a5c1512da4dcfb631d77
SHA1 hash: 9907e331e4fdc5bc567f2ef030908be02c69df9e
MD5 hash: 6dee5add7bba172a1cb455f3ef1bb74d
humanhash: may-river-neptune-glucose
File name: QUOTE 2020.r01
Signature: AgentTesla
File size: 1'005'094 bytes
First seen: 2020-05-15 07:19:26 UTC
Last seen: Never
File type: r01
MIME type: application/x-rar
ssdeep: 24576:hQ3nruK691BeXzeN7dFvrm827gR96CPlMSB09:2ruKs1Qmzv+70HP+R
TLSH: 4725231DCCB8B04C740B8B67821597A8278B41272FF8C2687B5FE71D4F3A4A93356796
Reporter: abuse_ch
Tags: AgentTesla r01


abuse_ch
Malspam distributing AgentTesla:

HELO: ssd1.celiahomes.com
Sending IP: 80.86.93.180
From: Minya Sioux <sales@kbtradings.com>
Subject: RFQ/QUOTATION
Attachment: QUOTE 2020.r01 (contains "QUOTE 2020.exe")

AgentTesla SMTP exfil server:
mail.dykbd.com:587

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Predator
Status: Malicious
First seen: 2020-05-15 07:36:22 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 15 of 31 (48.39%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
r01 bd91bc5a5771aac112a697a5960146ee9a1a7fe657d82a24d1d566931066d201 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments