MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15487ba85862bf7584245c2297193f9d3939d007c84b9df8832c9ba63bde7d6a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 15487ba85862bf7584245c2297193f9d3939d007c84b9df8832c9ba63bde7d6a
SHA3-384 hash: 12ab050e23fda0e0afc2361e6e6361205362faa010c8fe17c86d235b870f5a262044b5b324554326e24eaeb5fa46695f
SHA1 hash: 583a23ce7366bdf7a8e6ed057ef4fc090fad8d46
MD5 hash: d1a35f6dc32de3a278fa8d32e04e6d29
humanhash: low-west-delaware-hydrogen
File name:PO.NO.062.jpg.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:406'641 bytes
First seen:2020-06-15 12:25:25 UTC
Last seen:2020-06-15 16:56:43 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:dFznSmdsb4Nfv2onQSKn2ZPbNV7SOsVbAIa:/TF2+fvfl6YPbNrsVAZ
TLSH 8C8423AEB518038743A844A78B4D7D06B5816DF04695EABB6CCC8F3EDDDC90CA1C55D3
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: blsgroup.in
Sending IP: 103.99.1.173
From: "BLS Purchase"<blspurchase@blsgroup.in>
Subject: RE: PAYAL POLYPLAST GOA PO-0422
Attachment: PO.NO.062.jpg.rar (contains "PO.NO.062.jpg.exe")

AgentTesla SMTP exfil server:
mail.aquariuslogistics.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25893.RarHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 12:27:05 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cvehxkcymk7xlbbelqrjogj7tu4ttuahzbfz36edfsn2mo66pvva._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 15487ba85862bf7584245c2297193f9d3939d007c84b9df8832c9ba63bde7d6a

(this sample)

AgentTesla

Executable exe 2956ff2a2dfc07ae7b96a45244d06162a03759c40120ab764c29e25a833d26c0

  
Dropping
MD5 de713ccd4360afd9c39c4c200efac410
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2956ff2a2dfc07ae7b96a45244d06162a03759c40120ab764c29e25a833d26c0

Comments