MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34e2b745569e9cc0a26031bf3a7f20940be6cd0e7002c0f0ca4b342ee39060f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 34e2b745569e9cc0a26031bf3a7f20940be6cd0e7002c0f0ca4b342ee39060f7
SHA3-384 hash: dceaf1e1d901abe1beefcec09a207ce84448d5d9414958ea3bc98828f6b7f91e064d76d368ff94d8ce5385dce1fc45b1
SHA1 hash: aac68891568383d4c5102bf9d4985e05a9a2ca03
MD5 hash: afc21109e653bb9a60f22d8caba8552a
humanhash: pizza-rugby-juliet-magazine
File name:Listed Products.arj
Download: download sample
Signature AgentTesla
Create hunting rule
File size:231'966 bytes
First seen:2020-05-21 07:36:39 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 6144:/TY8mn9Jfc94RKi5C3rd0KN4uaScPP5NqV:7C9JUWgiI3rd0KyunwPq
TLSH C9342306DF2CC112213E5F913DBA13F3ABA9D985E3425FC5880A6671DF42D9D4AE68C8
Reporter abuse_ch
Tags:AgentTesla arj


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.almanar-group.com
Sending IP: 85.187.140.185
From: Shelly (Ms.) <gul-bros@iinpp.cd>
Reply-To: kate.wang@aus-home.com
Subject: NEW INQUIRY FOR ORDER
Attachment: Listed Products.arj (contains "Listed Products.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 08:36:16 UTC
AV detection:
14 of 48 (29.17%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gtrlorkwt2ombitagg7tu7zasqf6ntiooabmb4gkjm2c5y4qmd3q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

arj 34e2b745569e9cc0a26031bf3a7f20940be6cd0e7002c0f0ca4b342ee39060f7

(this sample)

AgentTesla

Executable exe d77811b038e2343af8a15693039baaee12d850219c9642ab49613b589d781153

  
Dropping
MD5 c5566dc236d23040a5a4dcb98956ff31
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d77811b038e2343af8a15693039baaee12d850219c9642ab49613b589d781153

Comments