MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 322a6e746765eeaf77428f49294afec48b4c7226929d8ef9a42b9e1d823df83e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 322a6e746765eeaf77428f49294afec48b4c7226929d8ef9a42b9e1d823df83e
SHA3-384 hash: 8c1781ccf63cc7ea9c75ec0376eb528849d5d824c777345c6af1b6001a9b397f7989edba295d4b31f1cf4c7297a27ef8
SHA1 hash: f53ca67f78a3bd4fc35aac0d8633accbbbe3de31
MD5 hash: ca8edd5563d40dc1b47bbf5e6e5d3b9c
humanhash: failed-oxygen-venus-lake
File name: Q37185_1.pdf.arj
Signature: AgentTesla
File size: 466'099 bytes
First seen: 2020-04-24 11:41:59 UTC
Last seen: 2020-04-24 14:39:16 UTC
File type: zip
MIME type: application/zip
ssdeep: 12288:XYFVFVR3MRj4Mk1QWXT8bv55ihvNd3HAW68qtkt6co:XMJp0j9kitYdXASqtktpo
TLSH: EBA4230CD5DBAE18A2D56DFFFD4F206B3C07480074BAED2DBF54210598A7121A3A67A7
Reporter: jarumlus
Tags: AgentTesla


jarumlus
Malicious email
From: Kim ? <nitzsche@rmcsport.com>
Received: from kenta.com (unknown [217.61.97.187])
Date: Fri, 24 Apr 2020 09:51:58 +0300
Subject: SKC-SQP-19-006 Confirm order
Attachment: Q37185_1.pdf.arj

Intelligence


File Origin
# of uploads: 5
# of downloads: 78
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Grp
Status: Malicious
First seen: 2020-04-24 12:35:23 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 23 of 48 (47.92%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

AgentTesla

zip 322a6e746765eeaf77428f49294afec48b4c7226929d8ef9a42b9e1d823df83e (this sample)
