MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3f968218eab6d0325c8055fb45c14c7ef03499cb7a5e174920605f4d9b06038. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c3f968218eab6d0325c8055fb45c14c7ef03499cb7a5e174920605f4d9b06038
SHA3-384 hash: 50fff1a7629450c2d43574842e5a92accc6ccec1eee7f69aef9ffa3f1f77b7bee243e9543aff691e58036482b0a2b69c
SHA1 hash: 0ddb9317053a1a4599ac42e4ea0d137fd40f5333
MD5 hash: ca2aa71e664fb62d3af0fd9baa3fb089
humanhash: east-mirror-sad-glucose
File name:Prod.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:409'078 bytes
First seen:2020-11-26 06:52:37 UTC
Last seen:2020-11-26 07:18:27 UTC
File type: gz
MIME type:application/gzip
ssdeep 12288:riPluW+y3o+Z3QTluB4mQ4WfoSy8T1EQKa:2PluWl3ow3Q5c4mQtQB8BMa
TLSH 9D9423102BCD6721F44771BD579FA1E8B2BEE05F623872D246D002BABB58C5863F946C
Reporter abuse_ch
Tags:gz


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: static-249.76.103.rackbank.com
Sending IP: 43.254.30.236
From: kamran <kamran@textileimportsoons.com>
Subject: Re: Re: Re: Re: Deposit Slip Textileim.
Attachment: Prod.gz (contains "Prod.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
119
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c3f968218eab6d0325c8055fb45c14c7ef03499cb7a5e174920605f4d9b06038/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yp4wqimovnwqgjoiavp3ixauy7xqgsm4w6s6c5esayc7jwnqma4a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz c3f968218eab6d0325c8055fb45c14c7ef03499cb7a5e174920605f4d9b06038

(this sample)

AgentTesla

Executable exe f148b6ad99c39c47a48a82fc4959b98ccfed28b35556ea3e0f07d0b8911d5e15

  
Dropping
MD5 cadc22c4c2d6223468caba0832af78d0
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f148b6ad99c39c47a48a82fc4959b98ccfed28b35556ea3e0f07d0b8911d5e15

Comments