MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9945bf23a859272ab1ed1a68c37a75f0609e1b43030a5fa6ef4d12e7641df825. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9945bf23a859272ab1ed1a68c37a75f0609e1b43030a5fa6ef4d12e7641df825
SHA3-384 hash: a517b499c8c76cb3a875066727baf0cfb1f77e7915c8fc322ecab5bbd8e2dc8499a55a025c46bf78657cfab2c8907d81
SHA1 hash: c0430c8b10da1d43a83e2d5c812c3c8597d9b33b
MD5 hash: fb2d6c0ed73855657d640f5a88b8145e
humanhash: romeo-batman-green-whiskey
File name:Order80703.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:821'581 bytes
First seen:2020-05-11 08:41:44 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 24576:usax03kyKvl+HISkgd9n1o0NEfeYtelHq9ny:d9KvYoJgpo0N2XkHb
TLSH 1505338EC27D3A1C39E61E92F272AEDA0CF4F6DE4753A804E63FDE1891163761901D49
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: kenzjordan.com
Sending IP: 95.211.208.55
From: Mohammed Saleem <marketing1@kenzjordan.com>
Subject: New Inquiry: RFQ.NO_#7801
Attachment: Order80703.z (contains "Order#8548.exe")

AgentTesla SMTP exfil server:
mail.kteadubai.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 09:36:36 UTC
File Type:
Binary (Archive)
Extracted files:
26
AV detection:
18 of 48 (37.50%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tfc36i5iletsvmpndjumg6tv6bqj4g2damff7jxpjujooza57asq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 9945bf23a859272ab1ed1a68c37a75f0609e1b43030a5fa6ef4d12e7641df825

(this sample)

AgentTesla

Executable exe b4207b682440113fab88288c35c84e6af33ba52aa5d82d0dcbc339c532672818

  
Dropping
MD5 9f52af692b997df95786dc14c22b8a44
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b4207b682440113fab88288c35c84e6af33ba52aa5d82d0dcbc339c532672818

Comments