MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e3dd933998c5ecc3abc9a27c70a43f33ad3a022eb4cc61155183f7f817d0a37b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: e3dd933998c5ecc3abc9a27c70a43f33ad3a022eb4cc61155183f7f817d0a37b
SHA3-384 hash: dbde26a0e17db0d8d4d577a0cc7654f7aca152b52e30cb95bebaef77cc9b39260d437fc9627069c11e1e93e98863672d
SHA1 hash: 144183ed99bcc9df580d21897a01510c0246ef9d
MD5 hash: 88ff6a84964f651a5a4c2008bc0bd66b
humanhash: undress-indigo-quiet-seven
File name: General terms conditions for procurement.7z
Signature: AgentTesla
File size: 382'304 bytes
First seen: 2020-04-06 09:33:46 UTC
Last seen: Never
File type: 7z
MIME type: application/x-7z-compressed
ssdeep: 6144:loCb+eN3B7TVfeWUmXYK6c1G80HfUWd7h8lOCk23IcvmXnCOdrLynJm3oBm5WAer:lB+eNHfeWXJ6cMpHfUWRiOCkKIcWvHeN
TLSH: F28423CBB5BEB9A89DAD513313AD64D83DE0C7C585E994E26007C952BC50F00FBA98C7
Reporter: abuse_ch
Tags: 7z AgentTesla COVID-19


abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: gki.com
Sending IP: 212.114.52.146
From: Yousuf Muhsin Zahran Al Nabhani - UES <YNabhanl@gki.com>
Subject: Urgent Inquiry For COVID19_RFQ for Document No. UES/SCM/002 rev 1
Attachment: General terms conditions for procurement.7z (contains "General terms conditions for procurement.exee")

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Agensla
Status: Malicious
First seen: 2020-04-06 09:48:34 UTC
File Type: Binary (Archive)
Extracted files: 22
AV detection: 16 of 30 (53.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z e3dd933998c5ecc3abc9a27c70a43f33ad3a022eb4cc61155183f7f817d0a37b (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
