MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e460571c5f525aa577f4651eeca0a447e1f55e77c1f91a755076f09adc16f934. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 4

SHA256 hash: e460571c5f525aa577f4651eeca0a447e1f55e77c1f91a755076f09adc16f934
SHA3-384 hash: b881acb04e04100c15d8356200367745cf3c5bec82a2c435e0e26cfaa1ea803dd301592d3666ae639b5450f1f9c15f8d
SHA1 hash: 9c12e5ecf3f1ac9bedf1441ed358b51252c86c4e
MD5 hash: fb5a8499683e15456cf141e5a133b488
humanhash: eleven-grey-jig-football
File name: Image001.gz
Signature: AgentTesla
File size: 698'997 bytes
First seen: 2020-07-20 10:40:56 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:fkeGve7jEhTk8p8jsyj8/8tbUL9W4ZrreA++TPXq7KyUSz6j9X1Ph3K1TBJIY0S/:8r9Zk8ysy69vreA0eybz6BX1Z3KZ3HX/
TLSH: 6DE42389AF4C57E59E6F086F607F3C30DAE101895B13101391E25C7BBC6D42BD1A6B5B
Reporter: abuse_ch
Tags: AgentTesla gz


abuse_ch
Malspam distributing AgentTesla:

HELO: bakerhughes.com
Sending IP: 185.222.57.185
From: Abhijart Kongto <Abhijart.Kongto@bakerhughes.com>
Subject: Re: Transfer Confirmation
Attachment: Image001.gz (contains "Image001.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Generic
Status: Suspicious
First seen: 2020-07-20 10:42:11 UTC
AV detection: 5 of 48 (10.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: AgentTesla
  gz e460571c5f525aa577f4651eeca0a447e1f55e77c1f91a755076f09adc16f934 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
