MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c488fab42ef6b142ee349518718d84f3a134b030b08489b3cb5dc64b43df0ca4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: c488fab42ef6b142ee349518718d84f3a134b030b08489b3cb5dc64b43df0ca4
SHA3-384 hash: 739ebfcf8ba1ec4ebc0d96721d9e5c6696717f92aca4d43cde2df5e7b0cd191b7236c653f597b7c4e009b4def83e00df
SHA1 hash: c6c0be54cab2903767c5eb09868c609975e6a3f6
MD5 hash: e2764c7d5a8938577909ab46a0281744
humanhash: cold-tennis-bulldog-dakota
File name: ELE SPEC RFK 06-20.Gz
Signature: AgentTesla
File size: 509'848 bytes
First seen: 2020-06-07 07:40:41 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:DeVldPFMYVCqcxNRByLmQ/4WDr88Tm+C4UrDzBb5xKkm2yKkmM6MC3L2d1/1v0MD:D6ldPFnV83Xyrzc4UXzXtm286slKMEgH
TLSH: 25B4234939AD36A795BDDC9D0ECB7DA00BC72BE0ED441A9E40E34F86BE149E443C3512
Reporter: abuse_ch
Tags: AgentTesla gz


abuse_ch
Malspam distributing AgentTesla:

HELO: vogo-online.net
Sending IP: 93.90.195.93
From: Ellister Pereira <ellister@spectrumcube.com>
Subject: Request for quotation
Attachment: ELE SPEC RFK 06-20.Gz (contains "ELE SPEC RFK 06-20.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz c488fab42ef6b142ee349518718d84f3a134b030b08489b3cb5dc64b43df0ca4 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
