MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ee5281926c27efbed372ebbb1cc11d6b0c4f66072a5e7a738b810d26e78e3b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4ee5281926c27efbed372ebbb1cc11d6b0c4f66072a5e7a738b810d26e78e3b1
SHA3-384 hash: 54a0b3705c8042a72b6127c83ac5e722cfda910e973223c0305d7dcf5395125d0ed5799e6f7be4c3592f56099efd896c
SHA1 hash: 18182ee5a72c197bf9c2a38e52bd17143680669c
MD5 hash: 53c771f2545f636101a4a9851b3128d3
humanhash: xray-william-lake-apart
File name:Inquiry Order Valves pumps.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:443'839 bytes
First seen:2020-05-25 07:50:57 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:6fz75j0lhM+oauMqKYk+ZoIQxkhq4DFIgtA9Jdr:6f/KYa5qpkmoIEKq4BI86Jdr
TLSH 909423CA16C5684A14B41589EE7D38EC887DE46FA109C7B893939C1F1F45399BEB1C3C
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

From: Heun-soo Jeon <sunkyung@pneumatic.co.kr>
Subject: Order for Valves & Pumps (PO#9A88D25)
Attachment: Inquiry Order Valves pumps.rar (contains "Inquiry Order Valves & pumps.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 08:36:13 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 4ee5281926c27efbed372ebbb1cc11d6b0c4f66072a5e7a738b810d26e78e3b1

(this sample)

AgentTesla

Executable exe 70c6087133db4b6ecd4e5b74c7c2719cabfff8c24657044ce31ee905fc39fb9b

  
Dropping
MD5 369149c9017ee2b0bf0f3238e85b6235
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 70c6087133db4b6ecd4e5b74c7c2719cabfff8c24657044ce31ee905fc39fb9b

Comments