MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 496e359bfdeac57159e587c2164c90a015d72afa7424f9875e4e8b5978bea1f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 496e359bfdeac57159e587c2164c90a015d72afa7424f9875e4e8b5978bea1f0
SHA3-384 hash: 3959b8b1eb8c49bf4f097cdd8688bb2c7431b9f397c9efed604d408765b3762c83589c7609710c8151299e9b7e7613e7
SHA1 hash: f9e4e2e9661fdeb4632f399ca5813575557f1070
MD5 hash: 7e10a7407b4d251eed532bfe60f21c20
humanhash: colorado-moon-eighteen-golf
File name:K A E PO12053.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:426'428 bytes
First seen:2020-06-10 11:23:19 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:aga7U7JE6cuqx0kKv3Mi5sktJYkBjr+YEzE7Qj+fK1OMGtAux9VQczoX6H3ON+NM:aSif0382tJn1r+XsGGaWNBPmIm
TLSH C594238C5B0117AB6F7D4F8E92A5D9B9A2E207826CED25D585DE3020AC1BC33B5C527C
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: kianann.com
Sending IP: 209.58.149.85
From: Purchase <soolee@kianann.com>
Reply-To: sultan.works@yandex.com
Subject: Kian Ann Engineering Pte Ltd Purchase Order
Attachment: K A E PO12053.rar (contains "K A E PO12053.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-06-10 11:25:04 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jfxdlg755lcxcwpfq7bbmtequak5okx2oqsptb26j2fvs6f6uhya._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 496e359bfdeac57159e587c2164c90a015d72afa7424f9875e4e8b5978bea1f0

(this sample)

AgentTesla

Executable exe d77d7298cf6f8d15655ced4042c5057b12ca79fed15052bca1573ea5ad084bdf

  
Dropping
MD5 36e4f86747592cdf2136a226cedd2fcb
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d77d7298cf6f8d15655ced4042c5057b12ca79fed15052bca1573ea5ad084bdf

Comments