MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce056d142ae9378cc77bbddc5dba83aee3c148ca5294b401a33ab7d647f0f334. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ce056d142ae9378cc77bbddc5dba83aee3c148ca5294b401a33ab7d647f0f334
SHA3-384 hash: 21f4de6d681dbfd0478a0dd1245a1abd4ed2870115dc9a57266ee6c103c1d23d8dc50562cd5f5a1afa8c999c512ff643
SHA1 hash: ae591df512193097a79be10ec5ee82fe6b540730
MD5 hash: eac64cd83100f1a1bb71f93763ca9245
humanhash: skylark-blossom-stairway-mexico
File name:Quotation order.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:2'549'198 bytes
First seen:2020-12-05 15:21:51 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 49152:s6omA8u0wxjCOUZj2Qri/qzXlRz+TlPmvEIldE7QhbFwdPJ9kQ4COEGR:3A84qV2dCzXlxElOMOA4FFQ4COVR
TLSH 86C52378851D8CE82676D007F54F10A6C201159EAFA8B35B1C9E6EBD7F50C94A9BBF03
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mta07.doruk.net.tr
Sending IP: 81.21.172.152
From: baris.arkun <baris.arkun@zmakina.com.tr>
Subject: AW: Medical Gloves Quotation Order
Attachment: Quotation order.rar (contains "Quotation order.exe")

AgentTesla SMTP exfil server:
smtp.gmail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
329
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ce056d142ae9378cc77bbddc5dba83aee3c148ca5294b401a33ab7d647f0f334/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-12-05 15:22:06 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zycw2fbk5e3yzr33xxof3oudv3r4csgkkkkliandhk35mr7q6m2a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ce056d142ae9378cc77bbddc5dba83aee3c148ca5294b401a33ab7d647f0f334

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar ce056d142ae9378cc77bbddc5dba83aee3c148ca5294b401a33ab7d647f0f334

(this sample)

AgentTesla

Executable exe aca79c29fda3bfb7e34038dc5a9a31d05ed1aba543328367478ef21540555da7

  
Dropping
MD5 fec94c3fe9cead7cbe7a1d627eedd841
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 aca79c29fda3bfb7e34038dc5a9a31d05ed1aba543328367478ef21540555da7

Comments