MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 989510a7af837a991d7473046bfbc621b428218fd4aaeecc8dc4e4939068cc4d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	989510a7af837a991d7473046bfbc621b428218fd4aaeecc8dc4e4939068cc4d
SHA3-384 hash:	385fca5c2bf478793f14d15d91b9e140243548ee04f052a2cc76756479e1dd75444091440cd2e6a3da08b63896667b28
SHA1 hash:	111da597c2326723103b3d315d6973e823e4c181
MD5 hash:	054aefe8b94234edd096e086d179d69a
humanhash:	lake-jersey-jupiter-five
File name:	Revised invoice.rar
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	464'797 bytes
First seen:	2020-05-06 09:17:36 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	12288:HycwdhB7VIhA64mby1IzGSegNO6aDYUKg4V6MFj8C:Hy9ZVIhApmgge2O6a0UKgcpqC
TLSH	76A42334CAA274AD14C28DF57E43BBF4ABDA470A4311676A37DFE4DBA92C4800D614ED
Reporter	abuse_ch
Tags:	AgentTesla rar

abuse_ch

Malspam distributing AgentTesla:

HELO: smtp.safemail.it
Sending IP: 147.123.1.124
From: Kay.Li@domain.invalid>, Kay.Li@sgs.com
Subject: Re: revised invoice
Attachment: Revised invoice.rar (contains "Revised invoice.exe")

AgentTesla SMTP exfil server:
besco.com.sa:587

AgentTesla SMTP exfil email address:
al_ghamaz@besco.com.sa

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Kryptik

Status:

Malicious

First seen:

2020-05-05 23:17:58 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

14 of 31 (45.16%)

Threat level:

2/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=tckrbj5pqn5jshluomcgx66geg2cqimp2svo5tenytsjhedizrgq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 989510a7af837a991d7473046bfbc621b428218fd4aaeecc8dc4e4939068cc4d

(this sample)

AgentTesla

exe a3050d8f113122b35e9e839be3a6c7c4baa0cc74c986f91ea78ed6dba29bf72b

Dropping

MD5 8e6d4998e6793ad2a1b98ae61aa0c436

Dropping

AgentTesla

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 a3050d8f113122b35e9e839be3a6c7c4baa0cc74c986f91ea78ed6dba29bf72b

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample