MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 21e61534766a6d0dbc8a867c7a0c6c6a2153a227162641c6306da7772ff4cff2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 21e61534766a6d0dbc8a867c7a0c6c6a2153a227162641c6306da7772ff4cff2
SHA3-384 hash: 9a94a984a4749d7f5af4ee9d731f63d59b584402b46d1d4ee5d247ec2d5eb2c3b79f322ddd5eb463d7e63b539a098f41
SHA1 hash: e251c8ad5e075c38f9c2107e782b2523e4210808
MD5 hash: 4a62c645f303b55023b348d4698797d1
humanhash: nevada-romeo-equal-johnny
File name:FI20-1194 - FTQ1.pptx.pdf.r02
Download: download sample
Signature AgentTesla
Create hunting rule
File size:415'322 bytes
First seen:2020-05-12 15:10:40 UTC
Last seen:Never
File type: r02
MIME type:application/x-rar
ssdeep 12288:ZbNANPDi1lAwmJmL/vNWT/kHKguFx+6qFphFjpgE0Up:VKNPDiImL/vorkHzuvopbjCE5
TLSH B6942377005192B1EB398FDE1D6E5606442FD166810622EABDD3CAD333D632ED4BEC0A
Reporter abuse_ch
Tags:AgentTesla r02


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: srv107703.vps.myhostingpack.com
Sending IP: 104.131.56.112
From: Smeralda.Ramos <recepcion2@calmet.com.mx>
Reply-To: recepc2@calmet.com.mx
Subject: OUTSTANDING INVOICE 28897
Attachment: FI20-1194 - FTQ1.pptx.pdf.r02 (contains "FI20-1194 - FTQ1.pptx.pdf.zip.bat")

AgentTesla SMTP exfil server:
mail.climasenmonterrey.com.mx:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 15:35:54 UTC
AV detection:
28 of 48 (58.33%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ehtbkndwnjwq3pekqz6huddmniqvhirhcytedrrqnwtxol7uz7za._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r02 21e61534766a6d0dbc8a867c7a0c6c6a2153a227162641c6306da7772ff4cff2

(this sample)

AgentTesla

Executable exe 8cacb4c01a703f8a300130d23fe74ab651ce7916a701357cb14b468e2a816a3d

  
Dropping
MD5 b125fb8ec14b5b5a0a677256ac8291a9
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8cacb4c01a703f8a300130d23fe74ab651ce7916a701357cb14b468e2a816a3d

Comments