MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 583735ae9de54f4ed2cce99a510a0ebc1eca8f7c56fc87fd3f2be5e864ab0e8f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 583735ae9de54f4ed2cce99a510a0ebc1eca8f7c56fc87fd3f2be5e864ab0e8f
SHA3-384 hash: 1f8a568c49610e7d7d5d8b463784fab3b2437f02aa7c7ba7210eac031313298488c11145cac182936c571700f480949a
SHA1 hash: 9fefd87f62ba3e535894b7b7f63518f99aae9746
MD5 hash: 8a884421e641326c8f2e76961a398635
humanhash: mississippi-mars-winter-grey
File name:RFQ SC0054852_PDF.r02
Download: download sample
Signature AgentTesla
Create hunting rule
File size:365'461 bytes
First seen:2020-07-13 06:28:58 UTC
Last seen:Never
File type: r02
MIME type:application/x-rar
ssdeep 6144:YJSnJjVWJbN+vkEbdTBtcaF16wdu5JkjKU5t9PQ6bwWEBDm7wL24pf4JvgAg:YJ68bAvkEbdTBtcwUkjF5tdQ6bqDm+1j
TLSH F47423D53E10151F3802A6F55F5ADC2213FF8E169928DF9F394A18380FAAC6F958E523
Reporter abuse_ch
Tags:ABB AgentTesla r02


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ABB.COM
Sending IP: 176.9.8.123
From: Manish Pandey <IN-GBS.IMS.MY@ABB.COM>
Subject: ABB Request For Quote SC0054852
Attachment: RFQ SC0054852_PDF.r02 (contains "RFQ SC0054852_PDF.exe")

AgentTesla SMTP exfil server:
smtp.urban.co.th:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27271.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/583735ae9de54f4ed2cce99a510a0ebc1eca8f7c56fc87fd3f2be5e864ab0e8f/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 06:30:10 UTC
AV detection:
11 of 48 (22.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=la3tllu54vhu5uwm5gnfccqoxqpmvd34k36ip7j7fps6qzflb2hq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r02 583735ae9de54f4ed2cce99a510a0ebc1eca8f7c56fc87fd3f2be5e864ab0e8f

(this sample)

AgentTesla

Executable exe 6e9ef93b4bb2c7ea78dbba96cb34e747294454c2d142276329951e580044ddd3

  
Dropping
MD5 41b5f25fa55f9dc4d320a3c66754ec05
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6e9ef93b4bb2c7ea78dbba96cb34e747294454c2d142276329951e580044ddd3

Comments