MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 07a5f049ebc755e5636802bd97ab7bf2eae327c2bfeaea0897fa0e5a9ea0da40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 07a5f049ebc755e5636802bd97ab7bf2eae327c2bfeaea0897fa0e5a9ea0da40
SHA3-384 hash: 0226000b789dfc681fc0d997049315e17ac795f71644864867e3be443c58d70e8e8f28c344d54f7818cd94eb7e4aac34
SHA1 hash: 143907570a999f53a0ac227b1e29e9d0d7594cff
MD5 hash: a96d76233c40654b585e0d1e3970da4a
humanhash: may-alabama-hawaii-nitrogen
File name:PURCHASE ORDER AND SPECIFICATION.pif.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:422'764 bytes
First seen:2020-05-14 07:47:21 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:97goP0y3ngKNf9o5uebxh0/WeVH/B+0ghhWZ46/vREok3NHIrpKrTJ985D4t:dgoPX1NfiImh0eed/wBhS4ycKrpKfbF
TLSH 639423382411C95978CE264B78CBE6B4320B34A5534A8ACF6C3AF341615763C7BD96EF
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: hwsrv-717595.hostwindsdns.com
Sending IP: 192.236.147.178
From: PROCUREMENT MANAGER <milac@contractor.net>
Subject: REQUEST FOR QUOTATION ON THE PRODUCTS ATTACHED PO#9018.
Attachment: PURCHASE ORDER AND SPECIFICATION.pif.rar (contains "PURCHASE ORDER AND SPECIFICATION.pif.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-14 08:36:02 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
19 of 31 (61.29%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=a6s7asply5k6ky3iak6zpk336lvogj6cx7voucex7ihfvhva3jaa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 07a5f049ebc755e5636802bd97ab7bf2eae327c2bfeaea0897fa0e5a9ea0da40

(this sample)

AgentTesla

Executable exe 3e160f6ab509dc96f16ef680bd0c6bd4e9b671c982853835590e5ba3b66162c0

  
Dropping
MD5 45a8e05e98c38a95086a6440b0978cd3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3e160f6ab509dc96f16ef680bd0c6bd4e9b671c982853835590e5ba3b66162c0

Comments