MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d1c344f6235301f1e7da7c9b0ff6464f2f9e20ed9a0e8d8c178199d644c69912. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: d1c344f6235301f1e7da7c9b0ff6464f2f9e20ed9a0e8d8c178199d644c69912
SHA3-384 hash: c233612c020403511b6f7d8e3478bec9e2856cb3fdbe2987873b427ac663972fb5c61e12089dd2975e142a5406015df8
SHA1 hash: c4b134f7e847c2347ba6a89374c7c6569340ee72
MD5 hash: 51ae23aab9adfcd32394dde4d8d27e9b
humanhash: cardinal-colorado-utah-spaghetti
File name: items 001.xlsm.zip
Signature: AgentTesla
File size: 405'091 bytes
First seen: 2020-05-11 14:41:34 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:RVAIepQKglQtX5Om/yv8Y6twiys8Lfl/lxLoh:ypVglqnzfj8Lp7Loh
TLSH: 1D8423CEA7F76AD3A5608B6AC78FB81C9950C1DB76D9A66CF9172C700B00A5001E3D5F
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: outlook.com
Sending IP: 103.99.1.148
From: Natalie Thomas<sales.gmbh@outlook.com>
Subject: RE:Order by Petersen Matex Trading GmbH
Attachment: items 001.xlsm.zip (contains "items 001.xlsm.exe")

AgentTesla SMTP exfil server:
mail.pptoursperu.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Agensla
Status: Malicious
First seen: 2020-05-11 09:18:05 UTC
AV detection: 20 of 31 (64.52%)
Threat level: 2/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> AgentTesla -> zip d1c344f6235301f1e7da7c9b0ff6464f2f9e20ed9a0e8d8c178199d644c69912 (this sample) -> Dropping -> AgentTesla

Delivery method: Distributed via e-mail attachment

Comments