MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38b4e78c90c783383d42f1437e37b2d33b6941e292bdb65b2afe484907f02446. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 38b4e78c90c783383d42f1437e37b2d33b6941e292bdb65b2afe484907f02446
SHA3-384 hash: 7072c5fac9a6d8d00bb5b86948f74820032d54473170132b9605df15803c4d838f6ace2b559bd2cbfc1af27b7fcb808b
SHA1 hash: b7fc43d9de05ea16e8c9346a00b82651125d1c9d
MD5 hash: bddf326a3276925c8ef705e324528973
humanhash: asparagus-uncle-diet-equal
File name:New Inquiry.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:488'918 bytes
First seen:2020-06-10 07:11:54 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:8Zg2SVOdrMQKyVxRhWrVtv4GfBpqOadryD8r:8ZgEBMVoxPCbvHf4gE
TLSH 63A423588CDF3D372CBA37950E0E48E895252A780B906ADD72DB87C62B2DD48D358376
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.xweb.cz
Sending IP: 193.19.179.33
From: Gina (Gina) Breedt <info@auto-simek.cz>
Subject: New Inquiry
Attachment: New Inquiry.rar (contains "New Inquiry.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 07:13:06 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hc2opdeqy6btqpkc6fbx4n5s2m5wsqpcsk63mwzk7zeesb7qerda._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 38b4e78c90c783383d42f1437e37b2d33b6941e292bdb65b2afe484907f02446

(this sample)

AgentTesla

Executable exe f3f038f7ea7aba5ce5e184d91ef33b9b365f3133088f21af6cf6b1e06c2b7520

  
Dropping
MD5 e1a92dec597ede60c04f1eed7715c461
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f3f038f7ea7aba5ce5e184d91ef33b9b365f3133088f21af6cf6b1e06c2b7520

Comments