MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e62c54a6ae7e206216555559dea25b5cdce38ac4ff3bb701fd1a753eb3510d39. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e62c54a6ae7e206216555559dea25b5cdce38ac4ff3bb701fd1a753eb3510d39
SHA3-384 hash: 9648a41c0d048e5ae786a30eef28f38a7fcdf08db35f0acb01883b28c856311ea680bafe49d71b36463c4c3ff5bfae0f
SHA1 hash: e697415d446be5f78056f4099b86756a0522471c
MD5 hash: 8727a2f0a612ff26b0ea2e49b17bf158
humanhash: oxygen-don-alaska-lion
File name:Quotation_pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:582'546 bytes
First seen:2020-05-06 18:33:38 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:RwrEIymb5odGaOTDA/pRxiJ9Que8Vm5Zofx+hS1eTY:RaEIJb1ayGirQudmecK
TLSH 64C423E8264D3485F7CF6C04DB71CE31130F6F62EB2676095D6662E98DCC29112CE6E9
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: wearepumpkin.nh-serv.co.uk
Sending IP: 176.56.62.144
From: CAO DUONG CO LTD <info.caoduong@caoduong.com>
Subject: REQUEST FOR QUOTATION!!
Attachment: Quotation_pdf.gz (contains "Quotation_pdf.exe")

AgentTesla SMTP exfil server:
mail.flood-protection.org:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

PUA.Win.Adware.Webalta-6862190-0
Create hunting rule

SecuriteInfo.com.Win32.Herz.B.16666.5657.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27383.GZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 18:36:46 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4ywfjjvopyqgefsvkvm55is3ltoohcwe7453oap5dj2t5m2rbu4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz e62c54a6ae7e206216555559dea25b5cdce38ac4ff3bb701fd1a753eb3510d39

(this sample)

AgentTesla

Executable exe 534448acf886c50b7172a770f596924c2924dd229867f7e94e3f5250adde47fa

  
Dropping
MD5 0dd1f011eba6c1a9a00307ac9862eebe
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 534448acf886c50b7172a770f596924c2924dd229867f7e94e3f5250adde47fa

Comments