MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 350a46e1536b3de24338dfc986b92a30246a7c7030bbff2c4f7c68fca6470955. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 350a46e1536b3de24338dfc986b92a30246a7c7030bbff2c4f7c68fca6470955
SHA3-384 hash: 57fd3a9a8765844db545b967045a0971ed9d9f3fbceb7c8985514b19fea0098945ae7a69c3db8082125241a5ce2b8688
SHA1 hash: b6bbd0e3a7a23304c12351d766f529b9b4b95dc0
MD5 hash: cce5ea66432a18e2d9288bdcb04ee05a
humanhash: magazine-fix-bravo-bravo
File name:NEW ORDER.XZ
Download: download sample
Signature AgentTesla
Create hunting rule
File size:517'039 bytes
First seen:2020-07-13 05:25:35 UTC
Last seen:Never
File type: xz
MIME type:application/x-rar
ssdeep 12288:ILxgTDyN76/ef+guMyR9FOZmUaOQDpdoSg0JrPjwDyPgKoIt:O2Y76/1Jqig8Pjw4r
TLSH DBB423E901925A9B89C9DBAC3712151231E3EC56F8236C74F3E12B9B84895BE46F3F11
Reporter cocaman
Tags:AgentTesla xz


Avatar
cocaman
Malicious email
From: =?UTF-8?Q?=E9=92=9F=E5=85=B0=E8=8A=B3?= <zhonglanfang@hilikvision.com>
Received: from 142-4-22-49.unifiedlayer.com (142-4-22-49.unifiedlayer.com [142.4.22.49])
Date: Sun, 12 Jul 2020 21:22:49 -0600
Subject: KE:NEW ORDER
Attachment: NEW ORDER.XZ

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/350a46e1536b3de24338dfc986b92a30246a7c7030bbff2c4f7c68fca6470955/
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 05:27:07 UTC
File Type:
Binary (Archive)
Extracted files:
141
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gufenyktnm66eqzy37eynojkgasgu7dqgc576lcpprupzjshbfkq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

xz 350a46e1536b3de24338dfc986b92a30246a7c7030bbff2c4f7c68fca6470955

(this sample)

AgentTesla

Executable exe 9622729f9517d5a5eecd4a278ea564d750b17e300337a0f0e023c986bf0e537d

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9622729f9517d5a5eecd4a278ea564d750b17e300337a0f0e023c986bf0e537d
  
Dropping
AgentTesla

Comments