MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df9c84db2efe2030da7387e03f7fe4f4d11ce489117399b5b8aecdc8a85d03cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: df9c84db2efe2030da7387e03f7fe4f4d11ce489117399b5b8aecdc8a85d03cd
SHA1 hash: 16eabf013af16338c580f0fac55ccd2da7d6495b
MD5 hash: 6e1aaddd214a032c95ddccd512efbf58
File name: JUNE_QUOTATION7724_210520RFQ_NEW_OFFER_SAMPLE_AZN_O_M_Company.arj
Signature: AgentTesla
File size: 409'340 bytes
First seen: 2020-05-23 11:10:55 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 12288:j1o80v6l7zpi1CkBdR7K7I5ptBSum683gJF:xoYzpMCwdR+05ptB7m6Qg
TLSH: 029423FDFCC93421060869A200635D6CE22A5D89A476F9FA36F17133F5F1E896D0D276
Reporter: @abuse_ch
Tags: AgentTesla, arj


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: juchansolutions.pw
Sending IP: 173.82.168.118
From: Saud Abdulaziz Khalaf Alsharrah <info@juchansolutions.pw>
Subject: JUNE QUOTATION
Attachment: JUNE_QUOTATION7724_210520RFQ_NEW_OFFER_SAMPLE_AZN_O_M_Company.arj (contains "JUNE_QUOTATION#7724_210520RFQ_NEW_OFFER_SAMPLE_AZN_O_M_Company.exe")

AgentTesla SMTP exfil server:
smtp.iotoils.com:587

Intelligence


Mail intelligence
Trap location: Global
Impact: High
# of uploads: 1
# of downloads: 20
Origin country: FR
ClamAV: No detection
VirusTotal results: 23.33%
ReversingLabs: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

arj df9c84db2efe2030da7387e03f7fe4f4d11ce489117399b5b8aecdc8a85d03cd (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
