MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 209034ce5e8f12cbe56554fc83ba7107b83b513a3ec85e753e44f94c614d21dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 209034ce5e8f12cbe56554fc83ba7107b83b513a3ec85e753e44f94c614d21dc
SHA3-384 hash: 8833b06b0547ce699bd48ca9973cae0788455f375b678156674aa98d073def01cc1ee3635ee9d356572f6dd577836bc0
SHA1 hash: bef836aed3c3af1d7cf2df2cb09cd9a8483d9c5c
MD5 hash: bf6a29c620fbd64641695a2f1c3bbed1
humanhash: fanta-island-double-california
File name:LkwMvHHnileixY9.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:389'186 bytes
First seen:2020-05-24 16:00:55 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:8yGxQgmaVRdPfmxH+KFzL9ummJTe4ctG80dE7AfkcNpuXNeexwuGJATHHbQcdXL:5GxOSmxeWvpGTfctYdT/uXpfuQnscdXL
TLSH 138423C3FD123AA0CDA9FB59B58542F45C8B98CC59304019C669B9C5A8FE4CDD33E1B6
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: correosalida.galanoa.net
Sending IP: 91.121.145.84
From: . <pedidos@nexos.es>
Subject: Pedido 18927861
Attachment: LkwMvHHnileixY9.rar (contains "LkwMvHHnileixY9.exe")

AgentTesla SMTP exfil server:
mail.gascuenca.es:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-24 16:35:28 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 209034ce5e8f12cbe56554fc83ba7107b83b513a3ec85e753e44f94c614d21dc

(this sample)

AgentTesla

Executable exe e3eb0c71861623b658b3f6c6d3ca3d925d2447d42a985718c0470d01dbf4e908

  
Dropping
MD5 a0187c3cd40f14c13b7526d31a771759
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e3eb0c71861623b658b3f6c6d3ca3d925d2447d42a985718c0470d01dbf4e908

Comments