MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8dd3f6907ed3c73ea75030728403181926c29c68be20f82fd00e5e67d43c9383. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8dd3f6907ed3c73ea75030728403181926c29c68be20f82fd00e5e67d43c9383
SHA3-384 hash: 580852433f7531cc6c29795161091a93943125e922ab6bafdf55f1e603874d83e053fc336c858830472efceb0837a17e
SHA1 hash: b65af2a9494ed7d86a9a12e57306fe1032075c2f
MD5 hash: be5cd0c02e5595af78d1b78d3a87f9db
humanhash: juliet-diet-happy-carbon
File name:Order List_pdf.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:432'324 bytes
First seen:2020-07-31 05:59:47 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:QzLD0txlukqr1odwFwG3clNXL4O5OcevxPm:wD00z1rd32UOIcz
TLSH 8F9423968F9B8271C991A54D10B71811E6FF3F0BD47B17615CBA8B3E68B7162A0F042F
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: d0.018.viliianesefmsrl.cf
Sending IP: 164.90.155.244
From: Ziel Mohammadi<ziel@epigraf.com.br>
Reply-To: riswanabdeen.gstic@gmail.com
Subject: Ziel Mohammadi
Attachment: Order List_pdf.rar (contains "Order List_pdf.exe")

AgentTesla SMTP exfil server:
smtp.hfyunachuan.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8dd3f6907ed3c73ea75030728403181926c29c68be20f82fd00e5e67d43c9383/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-31 06:01:05 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rxj7ned62pdt5j2qgbziiayydetmfhdixyqpql6qbzpgpvb4sobq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8dd3f6907ed3c73ea75030728403181926c29c68be20f82fd00e5e67d43c9383

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 8dd3f6907ed3c73ea75030728403181926c29c68be20f82fd00e5e67d43c9383

(this sample)

AgentTesla

Executable exe 713b5b1e6e84fadb65d3f5000e1bf1eeec0287e45c19f05d97a9445020149083

  
Dropping
MD5 afb723f8f19953c8a8b9b33dcb6c9619
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 713b5b1e6e84fadb65d3f5000e1bf1eeec0287e45c19f05d97a9445020149083

Comments