MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb729b653bf6a577ab6dadb68b37e126559535911c8e127bf85af4cbe16b1c39. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cb729b653bf6a577ab6dadb68b37e126559535911c8e127bf85af4cbe16b1c39
SHA3-384 hash: 1ba0348fa13cdec3556287a67391bfb17819ac4798bbc939c847cd96c22fe7637126f4dbf1813ef8db2ab5a1f582747c
SHA1 hash: ba0d16b66b4348eb316b21aa3a46f1cfda74fc4d
MD5 hash: 94df8f2e60822e2450cfc131289ee228
humanhash: hamper-oranges-november-delta
File name:RFQ DNFSQTNPTTEPMEPAMR5107431122020 - PIPES.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:320'101 bytes
First seen:2020-12-24 09:17:06 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:zTcu4tfsRfLJ54ZoHnx45lyTbPAxr+TTYwM51Z4ddpKjzcmsv38np8:0tfsDQsa5lyTbPAh+jM5j4JQcmsgO
TLSH 216423BA43D6684A8808D9FF42B29103635A0FE06D9F408DDD5B472FFBC90CC9B15DA5
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mta6.iifrc.xyz
Sending IP: 176.123.5.102
From: info@iifrc.xyz
Subject: RFQ : D/NFS/QTN/PTTEP/MEPA/MR#51074/31122020 - PIPES
Attachment: RFQ DNFSQTNPTTEPMEPAMR5107431122020 - PIPES.rar (contains "RFQ DNFSQTNPTTEPMEPAMR#5107431122020 - PIPES.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
739
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cb729b653bf6a577ab6dadb68b37e126559535911c8e127bf85af4cbe16b1c39/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-12-24 09:18:05 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=znzjwzj362sxpk3nvw3iwn7bezkzknmrdshbe67yll2mxylldq4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/cb729b653bf6a577ab6dadb68b37e126559535911c8e127bf85af4cbe16b1c39

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar cb729b653bf6a577ab6dadb68b37e126559535911c8e127bf85af4cbe16b1c39

(this sample)

AgentTesla

Executable exe a1e74b7743cc21b76c0c0a4d29e020d12cf32e03b35d7425607940fe7aae3398

  
Dropping
MD5 096debfae2d30fd3d7bd0c65de47365e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a1e74b7743cc21b76c0c0a4d29e020d12cf32e03b35d7425607940fe7aae3398

Comments