MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 185b5ad673d7565d772e88fd7f52531d983737030b762371d3916e634607ea69. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 185b5ad673d7565d772e88fd7f52531d983737030b762371d3916e634607ea69
SHA3-384 hash: 924b486700d34879bc96f7f1b1f037fbeba61a28f1578d17d743126dfd9fbb3ae8db1ef3f2f027bd8c57dcde9c56db49
SHA1 hash: f7a87478431f0c9ae016177c908760adeb8d3070
MD5 hash: fe9890bb7f87ee9b8e473d1dbcacff33
humanhash: hydrogen-freddie-purple-mississippi
File name: Nextway Pls Quote Ref RFQ#0116-NV-C.pdf.rar
Signature: AgentTesla
File size: 461'843 bytes
First seen: 2020-04-20 06:02:08 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:d768OfWwFGDxNDfUZZ9A2D0O8iYPYL5K+bKU:567WtGZQO8izbr
TLSH: 15A42304FE4A58870FE6DCDB79A6C18EC42BECC11604BE1731B92967165F0DFA8670B6
Reporter: cocaman
Tags: AgentTesla, rar


cocaman
Malicious email
From: Charlie Vicencio <char.vicencio@nextway.us>
Received: from mail.makeslaw.com (mail.makeslaw.com [103.89.4.173])
Date: 19 Apr 2020 22:50:54 -0700
Subject: Nextway Pls Quote Ref: RFQ#0116-NV-C

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Genkryptik
Status: Malicious
First seen: 2020-04-20 04:59:24 UTC
File Type: Binary (Archive)
Extracted files: 21
AV detection: 3 of 47 (6.38%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 185b5ad673d7565d772e88fd7f52531d983737030b762371d3916e634607ea69 (this sample)

Delivery method: Distributed via e-mail attachment
