MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4096ebdc9b6befa552159c5c0b4483fb38ebe63e2b29229a818398aaf0a5401e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: 4096ebdc9b6befa552159c5c0b4483fb38ebe63e2b29229a818398aaf0a5401e
SHA3-384 hash: 7b47402ebce39ab662bd4c7a3a7b2e73f883f88ed98cc9ed4a0ca044180ae1671a80e3d904dad1a8ef8b136905e702de
SHA1 hash: 4f60b9c1f8ac19da69c96d0616f09c3b3c98cbd7
MD5 hash: 9e353189f9bc90d4e332f3b857cdf0f8
humanhash: hawaii-pizza-pluto-eight
File name: Original Bill of Landing Docs.r00
Signature: AgentTesla
File size: 395'972 bytes
First seen: 2020-05-27 18:03:01 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 6144:g9A6SnnVlJLmsZ/GHfFXemacVP6E7r8aW2Q2sBoONK9emPW6Xn8vnnELr6asnfDF:JdnPBwuRKrfQ2TOk9ZPBsnnWKnfYv8
TLSH: D584237876F4B5EFAA758680B03C5B22BC5AB1951D902DFD3F16C98C36BC03A625D12C
Reporter: abuse_ch
Tags: AgentTesla Maersk r00


abuse_ch
Malspam distributing AgentTesla:

HELO: pranatadwimulia.com
Sending IP: 199.96.83.18
From: Maersk Line <logs@pranatadwimulia.com>
Reply-To: Maersk Line <bemusadonis@gmail.com>
Subject: Original Bill of Lading Shipment Documents
Attachment: Original Bill of Landing Docs.r00 (contains "Original Bill of Landing Docs.exe")

AgentTesla SMTP exfil server:
smtp.equipromax.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-27 18:37:17 UTC
AV detection: 17 of 48 (35.42%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
r00 4096ebdc9b6befa552159c5c0b4483fb38ebe63e2b29229a818398aaf0a5401e (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment