MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cfc4e939eb45a3a7f7d90f1bad873057a9f22565a60c42f3785fbcdf44ac46dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: cfc4e939eb45a3a7f7d90f1bad873057a9f22565a60c42f3785fbcdf44ac46dc
SHA3-384 hash: cafb28f397bf55155fe1e7234bc3dc9a311ac9b5bdf5d5aa2c5826b642cd4e64e98528a9e51cc13cb9cee1722fd39587
SHA1 hash: 8b3e7aadef96ffcd17be1f58f73a798c79ec9b9f
MD5 hash: f419c014f0930b9a25a9e80ffb5e419e
humanhash: kilo-lemon-ack-early
File name: ENQUIRY.zip
Signature: AgentTesla
File size: 976'951 bytes
First seen: 2020-06-17 10:10:11 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:nGDSV/Aqh4YEMu2zhMn7tmipWHVU321f7L1l2URm:GDSxVXaJmX63213X2am
TLSH: AB2533521F40E748C023D95F4E7B408D3CADEBA9509E58FBE3DAEAA55ECC60129607F1
Reporter: @abuse_ch
Tags: AgentTesla, zip


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: wyndhamdohawestbay.com
Sending IP: 103.99.2.4
From: Ajith Jacob <ajith.Jacob@wyndhamdohawestbay.com>
Subject: ENQUIRY FROM QATAR
Attachment: ENQUIRY.zip (contains "ENQUIRY.exe")

AgentTesla SMTP exfil server:
smtp.sarniotex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: FR

Mail intelligence
Geo location: Global
Volume: High

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-17 10:37:24 UTC
AV detection: 24 of 31 (77.42%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
  zip  cfc4e939eb45a3a7f7d90f1bad873057a9f22565a60c42f3785fbcdf44ac46dc  (this sample)
  Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments