MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2acb805e9eeb3018853ba63524a4f5bb49d52c39ef95e92aea3aa58e78b553af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2acb805e9eeb3018853ba63524a4f5bb49d52c39ef95e92aea3aa58e78b553af
SHA3-384 hash: 098d3403a19934a2f4fabb5e4d843718a701d4a44f06d7e9b8d8a7f62407f44dbb74e2893a4a1aa5d5bb46642c9f943b
SHA1 hash: f1ee0eec87f99b9c34fae1ab3103d8278a50cae8
MD5 hash: 5973a5bf0911b5507336fbed94ef4a92
humanhash: illinois-twenty-december-skylark
File name:Order_TMT19004.OD1_Quotation no 700944_doc.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:391'946 bytes
First seen:2020-07-16 08:58:31 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:jPVovBES8MWJYzrFd4SmhuLbfBFCsobun4Ai/fmtjh1iAluVqz+CvkUySEfNP9+:Zc+RYzrFd4kKLAIuD/hsUypM
TLSH 648423F5BB5B6DC609B5B60720A8B8F0C8F556CC444B16C3361E215B27243F69CA62FE
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: pelanduk.empatdns.com
Sending IP: 180.235.149.75
From: Mr veljko <veljko.bituh@selmet.com>
Subject: WG: Order_TMT19004.OD1_Quotation no. 700944
Attachment: Order_TMT19004.OD1_Quotation no 700944_doc.rar (contains "Order_TMT19004.OD1_Quotation no 700944_doc.exe")

AgentTesla SMTP exfil server:
smtp.moorefundz.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2acb805e9eeb3018853ba63524a4f5bb49d52c39ef95e92aea3aa58e78b553af/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 09:00:07 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=flfyaxu65mybrbj3uy2sjjhvxne5klbz56k6skxkhksy46fvkoxq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 2acb805e9eeb3018853ba63524a4f5bb49d52c39ef95e92aea3aa58e78b553af

(this sample)

AgentTesla

Executable exe 3734824d00294eebe71c8752193e73abd3a07e3a51458f18c2470e44098e26b8

  
Dropping
MD5 ae1bef02d2f66a17c8952e569db63480
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3734824d00294eebe71c8752193e73abd3a07e3a51458f18c2470e44098e26b8

Comments