MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c49270b3cffa0034644c8693fd9040305c71ec2ad89c895cce3a0ed4a79c32af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: c49270b3cffa0034644c8693fd9040305c71ec2ad89c895cce3a0ed4a79c32af
SHA3-384 hash: 4f3768bc3bf7314ca7a0b6bc6046782041f0e042113a7c0cfaba9ba5e4608b4a914d325cdab12180ccc6b5173efe974a
SHA1 hash: 3c62f287d14fe4ce55694876e5731027fe14e932
MD5 hash: 247187fe36d10f2968bea92893816805
humanhash: mountain-cardinal-lion-mexico
File name: Al Razzaq International LLC RFQ_xls.z
Signature: AgentTesla
File size: 384'110 bytes
First seen: 2020-06-29 07:27:11 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:Wa1BU9hVFnJt4/W+c4kmIBy/SanS0qkj7+OhtWRKj++YcST9BHs7Q5SZfAUg3T:Wa1BUXltOWd4kmAy/SanDq8+Oht8H+Y3
TLSH: A0842317EB44A31171E7F7323F8C0BA65814BC25A203F369AC71E64B6A879D6644ECDC
Reporter: abuse_ch
Tags: AgentTesla z


abuse_ch
Malspam distributing AgentTesla:

HELO: svr104.phsserver.net
Sending IP: 203.175.162.84
From: Al Razzaq International LLC <purchasing.alrazagqroup@gmail.com>
Subject: AL RAZZAQ INTERNATIONAL LLC REQUEST FOR QUOTATION(RFQ)
Attachment: Al Razzaq International LLC RFQ_xls.z (contains "Al Razzaq International LLC RFQ_xls.exe")

AgentTesla SMTP exfil server:
mail.greebals.gr:587

AgentTesla SMTP exfil email address:
ricemagic290@gmail.com

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-29 07:29:03 UTC
AV detection: 10 of 48 (20.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z c49270b3cffa0034644c8693fd9040305c71ec2ad89c895cce3a0ed4a79c32af

(this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
