MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 17d25890e0b21fd7d2515e9941d5be7158696f9cfbfb4004eb1f22db11aec85d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 17d25890e0b21fd7d2515e9941d5be7158696f9cfbfb4004eb1f22db11aec85d
SHA3-384 hash: a38af3018ce09416e6347f65cb7c610e4e82bf925a7a8f9d9ba27d86aa4e00a69d3b76c36aa2f94a761d9517a692f950
SHA1 hash: 5898924a1b6e9886ee69759ef4ce24e94feda81d
MD5 hash: 7c7e2b716eeb04cf5dfce17d083628ca
humanhash: nebraska-carbon-massachusetts-coffee
File name:REQUEST FOR QUOTATION A.J.C. Engineering (Pvt.) Ltd.Alaihla.pdf.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:426'199 bytes
First seen:2020-08-13 04:19:33 UTC
Last seen:2020-08-13 04:23:18 UTC
File type: rar
MIME type:application/x-rar
ssdeep 6144:m1gZCE/swRxP8EhdpqNlSVovyUQ3rs0wqoKsl6yzX7JzNmWJAjoSRulcuJ79:QgZCEEWB8up0zvPQY0do164LVNv9SI79
TLSH 1E942329ABA7B3D3B54820058B666DBBA1DF78D2BE07135B70C5DD11C291F730AAC079
Reporter cocaman
Tags:AgentTesla rar


Avatar
cocaman
Malicious email
From: Ala Eddine Boukhzar<export@ajcengg.com>
Received: from ajcengg.com (unknown [155.94.136.46])
Date: 10 Aug 2020 10:39:36 -0700
Subject: REQUEST FOR QUOTATION A.J.C. Engineering (Pvt.) Ltd.
Attachment: A.J.C. Engineering_ mike Alai.pdf

Intelligence

File Origin
# of uploads :
4
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/17d25890e0b21fd7d2515e9941d5be7158696f9cfbfb4004eb1f22db11aec85d/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-11 15:26:45 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/17d25890e0b21fd7d2515e9941d5be7158696f9cfbfb4004eb1f22db11aec85d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 17d25890e0b21fd7d2515e9941d5be7158696f9cfbfb4004eb1f22db11aec85d

(this sample)

AgentTesla

Executable exe ea05af63c09f44e18eb01715faa91ac4b9c64199b07a4973f0dd7a530f811193

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ea05af63c09f44e18eb01715faa91ac4b9c64199b07a4973f0dd7a530f811193
  
Dropping
AgentTesla
  
Dropping
MD5 aa68b02838a10a2e17b00007ddcc1205

Comments