MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee3854cc9676cffececf73f5d976836250c70eff6926d27c64c3a5a9ccdb0275. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee3854cc9676cffececf73f5d976836250c70eff6926d27c64c3a5a9ccdb0275
SHA3-384 hash: 2b90087a804e120f8e260c4f4a741ef4e29986a8c958b938b210d459397f81da9a1d24facd21d5632f63f7e4f05a794a
SHA1 hash: f1e62ebfe6fa014a687765d311aae491387cc749
MD5 hash: 94c7625f5150cfee52e4411999858b04
humanhash: november-sixteen-may-snake
File name:Quote JQ2341024749.pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:403'427 bytes
First seen:2020-07-08 06:57:03 UTC
Last seen:2020-07-08 16:11:33 UTC
File type: gz
MIME type:application/x-rar
ssdeep 12288:jSwMRAmXp/W1Ok4S5qaebE6EjRsx7zWhyAuZ:jSpGmZ/W1PHQa9lRU9AuZ
TLSH 58842369BDDDCC0B1FB5A369CEA97D358D6328F1288CA12E40BC4C9D1E9520608EF566
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: souriau.com
Sending IP: 209.58.149.87
From: Haiyan Zhao <sales@souriau.com>
Subject: RE: [Quote JQ2341024749]RE: new RFQ
Attachment: Quote JQ2341024749.pdf.gz (contains "Quote JQ2341024749.pdf.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
11
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ee3854cc9676cffececf73f5d976836250c70eff6926d27c64c3a5a9ccdb0275/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-08 06:58:11 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5y4fjtewo3h75twpop25s5udmjimodx7netne7deyos2ttg3aj2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz ee3854cc9676cffececf73f5d976836250c70eff6926d27c64c3a5a9ccdb0275

(this sample)

AgentTesla

Executable exe de77f2b2fe58ab75b2a6876cc9883d59330766559847223284d764b74d88df12

  
Dropping
MD5 26a528a86cad4a65522eba4db40f5014
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 de77f2b2fe58ab75b2a6876cc9883d59330766559847223284d764b74d88df12

Comments