MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 81a52416920048fd13891d000cd9520e4507d12c7f48d0c43987f24b58821853. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 81a52416920048fd13891d000cd9520e4507d12c7f48d0c43987f24b58821853
SHA3-384 hash: b9b76a34389ecd5f35f78094958a903ffb6b8afd3fcea918ee6e0419a25705b013a70c1a4d05a9962b83d7bc884a5805
SHA1 hash: 710f1be021a5fce580a4d9c604386fef9f032baa
MD5 hash: 66363def4fdfc983df2730cdfea3570f
humanhash: delaware-autumn-nineteen-music
File name:PURCHASE ORDER, LAMPIRIS COMPANY.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:817'222 bytes
First seen:2020-05-13 06:27:44 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:ywE/wdCeeqNR+S1un1m2vONg+Xr1jIawE/wdCeeqNR+S1un1m2vONg+Xr1jIQ:G/Lq0n0L2+b1N/Lq0n0L2+b1F
TLSH 450523EE9B1D6893FFE3FC1A7693A3531B8265C08114A703C5ED87A5DB8189CA81136D
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

From: "Louis Dupont - Lampiris" <Louis.dupont@lampiris.be>
Reply-To: "Louis Dupont - Lampiris" <Louisdupont.lampiris@mail.com>
Subject: REQUEST FOR QUOTATION; Lampiris Company Belgium-374638
Attachment: PURCHASE ORDER, LAMPIRIS COMPANY.rar (contains "LOGO, LAMPIRIS COMPANY.exe")

AgentTesla SMTP exfil server:
mail.alvadiwipa.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 06:37:06 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qgssifusabep2e4jduaazwksbzcqpujmp5enbrbzq7zewwecdbjq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 81a52416920048fd13891d000cd9520e4507d12c7f48d0c43987f24b58821853

(this sample)

AgentTesla

Executable exe 26d84a58245ef7c47ef69c0b8a1d378ad6c8a3d8d154d2358ed0b16230082420

  
Dropping
MD5 1302ad80a87e882eb0e1ab63e6d0027d
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 26d84a58245ef7c47ef69c0b8a1d378ad6c8a3d8d154d2358ed0b16230082420

Comments