MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee3c70578557d62c1efbb57c1231388df6bd48a9c8bf596783c850d16bc4fc39. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee3c70578557d62c1efbb57c1231388df6bd48a9c8bf596783c850d16bc4fc39
SHA3-384 hash: 95eac803e1342077b754debebc1ecaddf1374f2f02674bd1f333da8ce4b7f8daabcce8d66c8c3d0375c08fc3011a7a4f
SHA1 hash: 3b62163289f3e0d648d74c9cd97fa61b19d87deb
MD5 hash: e9bc609914253327d39cb9c3d72a4a73
humanhash: texas-robert-twenty-nuts
File name:Factura comercial.pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:407'308 bytes
First seen:2020-07-01 17:00:57 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:a1z4vC9g1m4pTzuZMtIFNePiMOofYMaKRjB1yGxdnnDqbA+7XbHvZIzoWIPTlMZ:aU+ghd6WtIFJYY7uq0dnnDCAG6zsTaZ
TLSH 8B8423BF86673774C91E46527D1F04595DF183028DB748E3683A7E4E3288793388B6AB
Reporter abuse_ch
Tags:AgentTesla DHL gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.apartacel.com
Sending IP: 200.52.172.106
From: DHL EXPRESS <cesar.barahona@dhl.com>
Subject: FW: Su notificación de envío de DHL: 6278216733
Attachment: Factura comercial.pdf.gz (contains "Factura comercial.pdf.exe")

AgentTesla SMTP exfil server:
mail.trademaxperu.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ee3c70578557d62c1efbb57c1231388df6bd48a9c8bf596783c850d16bc4fc39/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-01 17:02:04 UTC
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5y6hav4fk7lcyhx3wv6bemjyrx3l2sfjzc7vsz4dzbinc26e7q4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz ee3c70578557d62c1efbb57c1231388df6bd48a9c8bf596783c850d16bc4fc39

(this sample)

AgentTesla

Executable exe 4bf1fd37adafd606267d83a3def9b6c0d44b9094dbc650755f12219af5753399

  
Dropping
MD5 02e83b68951f3a0f4ca46d2b64ec6118
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4bf1fd37adafd606267d83a3def9b6c0d44b9094dbc650755f12219af5753399

Comments