MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 efeb3e0366bdeba2059b47fec1444b7a0fca85c05aeced1ecce1959f6a5725b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: efeb3e0366bdeba2059b47fec1444b7a0fca85c05aeced1ecce1959f6a5725b5
SHA3-384 hash: 8c6005d30d22e2abd6d4cefba1a78eb2b3a0eb4abc61c3da370c10f13ee76abc3d741624237ef184fb59fa5fdc86fcef
SHA1 hash: 0b6dd96f59afada18404e98d65c1c0bdfe8a2b23
MD5 hash: 72953ce667d1a37099ada67129673c03
humanhash: papa-moon-sierra-mike
File name:RFQ Ref. No DMMG-ONC005202000.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'114'115 bytes
First seen:2020-06-08 06:17:57 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 24576:rRXDrMfBVNC+sNNqRk9D4+n2Os7l3GVqxsxGPh2czf4+jv9BTFm:VrMfB3ONqRk9xn2xlGVkyGPE/+jlS
TLSH 303523F2C928C10DAE72BF70B268819377BF622BC5ECD44549017B9E9FD8251F69099C
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ns4.small-dns.com
Sending IP: 210.5.47.75
From: Ms Kuan Ming <info@wndengineering.com>
Reply-To: info@wndengineering.com
Subject: request for quotation(urgent)
Attachment: RFQ Ref. No DMMG-ONC005202000.7z (contains "RFQ Ref. No DMMG-ONC005202000.exe")

AgentTesla SMTP exfil server:
mail.enmark.com.my:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 06:19:04 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=57vt4a3gxxv2ebm3i77mcrclpih4vboallwo2hwm4gkz62sxew2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z efeb3e0366bdeba2059b47fec1444b7a0fca85c05aeced1ecce1959f6a5725b5

(this sample)

AgentTesla

Executable exe 7c15dd07b223275e68dd8034583f12a73fc19f2d42abede56ed8d0dfdc92edc6

  
Dropping
MD5 40bedcb0771e67eee9e2b7016d40defe
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7c15dd07b223275e68dd8034583f12a73fc19f2d42abede56ed8d0dfdc92edc6

Comments