MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 136d4087a330691ca7023ada3664f96c87f79a3b7c4da9245a99f17bbc8d590b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 2

SHA256 hash: 136d4087a330691ca7023ada3664f96c87f79a3b7c4da9245a99f17bbc8d590b
SHA3-384 hash: 8a934591977dd4f08101a67cc58b3f53958fc155ec8781dbf117ae7f667453dccc7a1908ea1c43e48a3f69bf9494dec8
SHA1 hash: e46cc0d8cf5a81603a60f7314a8bcf118f34c629
MD5 hash: bb48846c342f99b9a0cb2b364d6c2500
humanhash: hotel-mango-july-colorado
File name: PURCHASE ORDER AND SPECIFICATIONS...scanned...pif.rar
Signature: AgentTesla
File size: 509'958 bytes
First seen: 2020-05-21 15:41:19 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:5H6Iv89Ua9+PAe8h6Ntg6rCJo36ODSmf+yJNQRwvN:QIcUa9+PTJY7Jo3Luq+sNqwV
TLSH: 0CB42382FB03DE0FB57B94BB459BD624F867654C9D6F09A49070C4A38C09E9137AC7CA
Reporter: abuse_ch
Tags: AgentTesla, rar


abuse_ch
Malspam distributing AgentTesla:

HELO: hwsrv-729369.hostwindsdns.com
Sending IP: 142.11.196.208
From: PROCUREMENT MANAGER <optiks@optikinectics.com>
Subject: REQUEST FOR QUOTATION ON THE PRODUCTS ATTACHED PO#9018.
Attachment: PURCHASE ORDER AND SPECIFICATIONS...scanned...pif.rar (contains "PURCHASE ORDER AND SPECIFICATIONS...scanned...pif.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 76
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-22 02:50:00 UTC
File type: Binary (Archive)
Extracted files: 6
AV detection: 16 of 48 (33.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery campaign: Malspam
Malware family: AgentTesla
Sample: rar 136d4087a330691ca7023ada3664f96c87f79a3b7c4da9245a99f17bbc8d590b (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment