MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 634c4637ec9c4d82cfb4d36066b9b6116ebab0337b3aa59f1198377a210a9dbe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 634c4637ec9c4d82cfb4d36066b9b6116ebab0337b3aa59f1198377a210a9dbe
SHA3-384 hash: c974d058c31c387abb2d4ad46bbe6aad8d66d38c418d8821ef43e6b3072c20425497fb85bc93af7a5745086d76642d7f
SHA1 hash: b14b989bf8320b62cd6707b5a30cd11d954e5764
MD5 hash: eb26d68fadf6bedab1c60dcf6e2c9316
humanhash: triple-pizza-connecticut-social
File name:Sinergy_Group Order.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:274'227 bytes
First seen:2020-07-16 10:04:20 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:/toMp5qpGI7E65ojCPWnvrBdrerEhwWpENxShNI:iMpQCbrBdLhwWpEah+
TLSH 3144237D3A96C0BA8286CDCD56D50D8411C621BC85D0A018379A373632FFBB69E8F64F
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mcegress-14-lw-8.correio.biz
Sending IP: 191.252.14.8
From: Charles Belén <charles@perfectinfo.com.br>
Subject: Sinergy Group SRL Order
Attachment: Sinergy_Group Order.rar (contains "Sinergy_Group Order.exe")

AgentTesla SMTP exfil server:
smtp.chigo-cec.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/634c4637ec9c4d82cfb4d36066b9b6116ebab0337b3aa59f1198377a210a9dbe/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 10:06:07 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mngemn7mtrgyft5u2nqgnonwcfxlvmbtpm5klhyrta3xuiiktw7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 634c4637ec9c4d82cfb4d36066b9b6116ebab0337b3aa59f1198377a210a9dbe

(this sample)

AgentTesla

Executable exe 56f2d6b9b207a2e0f5fc1a59d36376b4cde1ac6ac52e95a9c48c00c02e271516

  
Dropping
MD5 539201934efaae51a640090736ed472f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 56f2d6b9b207a2e0f5fc1a59d36376b4cde1ac6ac52e95a9c48c00c02e271516

Comments