MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24d4766c02d8ba1e0879ee2fe2afed8354ec7d13ba3b0e907e0f8b0ca2f00cda. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 24d4766c02d8ba1e0879ee2fe2afed8354ec7d13ba3b0e907e0f8b0ca2f00cda
SHA3-384 hash: 0ab86cdab0c2529132d2baf493d6ea496fa516e464d9073be29794a434612d35fa52411313a337f0c8bfb5ef336913cb
SHA1 hash: bd2982dc677de789377747fcfeecc9c22ac78b4a
MD5 hash: 9ab59d39bbaedc76fa6927175dcaeddd
humanhash: mountain-moon-sixteen-king
File name:Hyundai_Eng_Project_RFQ_Issuance_Cut-off date_2020-06-30.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:389'805 bytes
First seen:2020-06-29 07:42:16 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:Bqn6UzAZytNhsvDh7SF4IAOPkG4aH+5U0v3zSKELwumkcW31MwywBMUO1rSJWJb/:U5s4hsd7SF4I314bUI+KpuMq8rSJqaWj
TLSH DA842395CC086B98153E71ACAB722F2C38EABE8A5FD94D145144B970D0B484725FFB8F
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: smtp1.hiworks.co.kr
Sending IP: 121.254.168.204
From: jwcho@bogoplant.co.kr <jwcho@bogoplant.co.kr>
Subject: Project - Request For Quotation
Attachment: Hyundai_Eng_Project_RFQ_Issuance_Cut-off date_2020-06-30.rar (contains "Hyundai_Eng_Project_RFQ_Issuance_Cut-off date_2020-06-30.exe")

AgentTesla SMTP exfil server:
smtp.berbizon.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/24d4766c02d8ba1e0879ee2fe2afed8354ec7d13ba3b0e907e0f8b0ca2f00cda/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 07:44:05 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=etkhm3ac3c5b4cdz5yx6fl7nqnkoy7itxi5q5ed6b6fqzixqbtna._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 24d4766c02d8ba1e0879ee2fe2afed8354ec7d13ba3b0e907e0f8b0ca2f00cda

(this sample)

AgentTesla

Executable exe d1076d7ed1c0f4710daf4352bc41472e1061ad7195f68b958e1224a97a446f1e

  
Dropping
MD5 c73ae47a444ce062fde62fbefa050113
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d1076d7ed1c0f4710daf4352bc41472e1061ad7195f68b958e1224a97a446f1e

Comments