MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 312d839c12d1b87e46c38812df85d747235f9fe019b5cfcd4d293528a70896ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 312d839c12d1b87e46c38812df85d747235f9fe019b5cfcd4d293528a70896ec
SHA3-384 hash: e96c3427fc9382639a7bbfac6c97a60e7c3cc21166b4bd0bf0db4de2e9d3e776e24dbf0b2691a4b3c381f2d87247d16b
SHA1 hash: 81bd115553fad90706c43e666449c9f407c37b85
MD5 hash: a8e2df08db797994941476cae6e329f1
humanhash: apart-stream-pasta-paris
File name:PI 20200512.pdf.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:568'714 bytes
First seen:2020-05-12 16:31:53 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 6144:gFNYm5N/ULabwET5aWLbUBdkFcvOkYwcTHwxCO7GHo8XmPz2HqLZ0+bEw7PtbMzO:c9MLMdrTcvdFC3XmPKe0LeMgj/hIopyi
TLSH D7C4238EFABF68D2DDDB10F297AC4691C9DDDB611C408DE0C061D34AE66A1D022D71B7
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: quata.com
Sending IP: 94.177.241.7
From: Import HSA <boby@nagle.ga>
Subject: New Order PI for PO#PRO544232.
Attachment: PI 20200512.pdf.z (contains "PI 20200512.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 16:36:48 UTC
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gewyhhas2g4h4rwdrajn7boxi4rv7h7adg247tknfe2srjyis3wa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 312d839c12d1b87e46c38812df85d747235f9fe019b5cfcd4d293528a70896ec

(this sample)

AgentTesla

Executable exe dabc62571ab7730cebaf8d46beb2765032674b43518f30fb228917570729add4

  
Dropping
MD5 bd7e11a48da3686a166b81910346c7f3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dabc62571ab7730cebaf8d46beb2765032674b43518f30fb228917570729add4

Comments