MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 64f01d3c9689a9cb14896d29495b5d08b292395616ba66e0e887e333bd85d837. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 64f01d3c9689a9cb14896d29495b5d08b292395616ba66e0e887e333bd85d837
SHA3-384 hash: dfc2b73ca1716a6a871527b1dba3c1b5d19ae294cefd53d6921835ba85da8e3b4afca1c0c479393dba95c8379b361f5d
SHA1 hash: 217db99632d70cfa3efd7feb9016af7d6ab13c26
MD5 hash: 5610a407ab496f3f4225dd42674168a3
humanhash: six-north-ink-item
File name: Scanned doc.pdf.rar
Signature: AgentTesla
File size: 442'816 bytes
First seen: 2020-07-31 11:33:10 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:+JrvCYZEemg2yxO1cjiKHd419qoKcJafooNEExzwOV:i5C/r+jR43voi4V
TLSH: C494231704DB2ED2F7161E11ECCC08E17693BE32A2B5987C115A41AA05BA7F9BB7C439
Reporter: @abuse_ch
Tags: AgentTesla rar


Twitter (@abuse_ch):
Malspam distributing AgentTesla:

HELO: hwsrv-749673.hostwindsdns.com
Sending IP: 192.236.193.181
From: Catherine Sun <Sun@wamtruck.com>
Subject: REQUEST SOA PAYMENT DETAILS- /JUNE/JULY/2020.
Attachment: Scanned doc.pdf.rar (contains "Scanned doc.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: FR

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-31 11:35:05 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Threat name: Kryptik
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
rar 64f01d3c9689a9cb14896d29495b5d08b292395616ba66e0e887e333bd85d837 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments