MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3696614ea9b52cb70bec9dedcf5c7ff3c95ad4893b36165e753daeffe221162. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c3696614ea9b52cb70bec9dedcf5c7ff3c95ad4893b36165e753daeffe221162
SHA3-384 hash: 3f8186b53d541ad883e613f69530472d7b401a890282ba7467fb6319f317b19987ce9755b4081db4c29f408d7267a5a7
SHA1 hash: efe88948c3e5a1911cdbd8708a16444afed16c09
MD5 hash: ba387b34f582a3223d125df2b8ccb897
humanhash: december-six-item-cup
File name:Quotation Request2874.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:703'249 bytes
First seen:2020-10-08 13:09:22 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:tSnh2F7N6UvSHSV6OVEhL+fwbZJrRwC5nOVWuHH5qK4HvfgQy:t82z6UDV6OVcLtJJIJHHM7HHfy
TLSH A8E4239CE3C7650E334797682FE5EA2CA4139FCD1CA83B234723A5560B0E44D6894FE6
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: stock.ovh
Sending IP: 51.178.87.221
From: AFS Logix CHE ICD <impdocs3@afslogix.in>
Subject: REUQEST FOR QUOTATION
Attachment: Quotation Request2874.rar (contains "Quotation Request#2874.exe")

AgentTesla SMTP exfil server:
mail.qualitysolutionslab.com:587

AgentTesla SMTP exfil email address:
qa@qualitysolutionslab.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c3696614ea9b52cb70bec9dedcf5c7ff3c95ad4893b36165e753daeffe221162/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-08 12:35:47 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ynuwmfhktnjmw4f6zhpnz5oh746jllkisozwczphkpno77rccfra._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/c3696614ea9b52cb70bec9dedcf5c7ff3c95ad4893b36165e753daeffe221162

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar c3696614ea9b52cb70bec9dedcf5c7ff3c95ad4893b36165e753daeffe221162

(this sample)

AgentTesla

Executable exe e1fa76bb2709f8e0624f8e7f643fa05b69ad35e206f2317defbc683d369da6af

  
Dropping
MD5 48956935b6fa0821cb55be4e30516586
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e1fa76bb2709f8e0624f8e7f643fa05b69ad35e206f2317defbc683d369da6af

Comments