MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5aad540ae16a32c14acd9e4731e73b16ff2f5182030906639eaa242faabfa757. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5aad540ae16a32c14acd9e4731e73b16ff2f5182030906639eaa242faabfa757
SHA3-384 hash: 74ec6af065e8237e5fefde89437ac5e8b1ad4f02a2ce6e7735d057ccc8c0493b910ef62819c7c8e9dc704f6689433046
SHA1 hash: 4d80a012ff7944795821b0e1a59ba4b975ddc032
MD5 hash: 1fe8ad52fd67e4df4863b132f625975b
humanhash: speaker-orange-juliet-ten
File name:PO 431_6001_2.arj
Download: download sample
Signature AgentTesla
Create hunting rule
File size:399'044 bytes
First seen:2020-05-21 11:08:46 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 6144:SkoDVaRDLR08dE+HUx6s8tyS6MsfBTDyjYV58+cZCbohhaRu7HI/2xa:NoDViDLR08SroEfTO853cLha87C2xa
TLSH BA842357F46329119D6EDC037A5478ADA366B4EFB478F2DB243140933AA2FCD43CA909
Reporter abuse_ch
Tags:AgentTesla arj


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: zcs8-mvd-gwsmtp-1.montevideo.com.uy
Sending IP: 200.40.52.165
From: panel la <barracapanella@montevideo.com.uy>
Subject: RE: PURCHASE ORDER<URGENT>
Attachment: PO 431_6001_2.arj (contains "PO 431_6001_2.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 11:31:49 UTC
File Type:
Binary (Archive)
Extracted files:
264
AV detection:
20 of 48 (41.67%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

arj 5aad540ae16a32c14acd9e4731e73b16ff2f5182030906639eaa242faabfa757

(this sample)

AgentTesla

Executable exe 4aa9d9d468bbc5dca730ec755dbdf56fd2e3289b8cf3bde2bddc53881ca5c696

  
Dropping
MD5 64dfbee842a9a826de2cd45771aa5b68
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4aa9d9d468bbc5dca730ec755dbdf56fd2e3289b8cf3bde2bddc53881ca5c696

Comments