MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 173fc366ab54d62ea63e9b029b0cce3af7bb64c8cd03de8adac0ed6a1b46e73f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 173fc366ab54d62ea63e9b029b0cce3af7bb64c8cd03de8adac0ed6a1b46e73f
SHA3-384 hash: fe5a2bdd5afe6095881ef81d59d12231e7a217a68f912908b731518a518f17742a21016e6f31093cb93a0959a0915315
SHA1 hash: 661eeb730c63487adb853157f8491ae895065b78
MD5 hash: 2083aba03e226d7fb05b90d1c725ff6f
humanhash: mike-illinois-lion-blue
File name:New Invoice.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:348'108 bytes
First seen:2020-08-17 06:31:58 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 6144:Ub/+5hltTkaY8pHyixKhzIJYeAqBItfkUgEavW+AqnUchR7qu0E+n1L+M3jt06Nu:m+rltzYGCUVAqEfkxJW+AqnUsRuW+1LM
TLSH 4874231927AFABD1288F05DF5B01CCCE423CE673119CEB1A52CCA79E72239E19C56395
Reporter abuse_ch
Tags:AgentTesla r00


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.mawaqaa.com
Sending IP: 69.0.149.219
From: <sheref@swtt.com.kw>
Subject: FW: NEW INVOICES/PAYMENT
Attachment: New Invoice.r00 (contains "New Invoice.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
57
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27502.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/173fc366ab54d62ea63e9b029b0cce3af7bb64c8cd03de8adac0ed6a1b46e73f/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 06:32:08 UTC
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=c474gzvlktlc5jr6tmbjwdgohl33wzgizub55cw2ydwwug2g447q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/173fc366ab54d62ea63e9b029b0cce3af7bb64c8cd03de8adac0ed6a1b46e73f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 173fc366ab54d62ea63e9b029b0cce3af7bb64c8cd03de8adac0ed6a1b46e73f

(this sample)

AgentTesla

Executable exe c37040b100e234734d7e3c86f6de4eeafb4b07096c57cb37d2717aa37a64f330

  
Dropping
MD5 4d8a5a46678a71f749136077b0c37124
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c37040b100e234734d7e3c86f6de4eeafb4b07096c57cb37d2717aa37a64f330

Comments