MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99eb766e188edcf8fabca55290126dd0224b546c93dfacd7e432e83df5677217. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 99eb766e188edcf8fabca55290126dd0224b546c93dfacd7e432e83df5677217
SHA3-384 hash: 2ca055558bf85d8931816bf9fd816a949149357be8cbd9fe262e1c051aca71f9a957afe6b7765ecdd87292aa510a973c
SHA1 hash: a346cb180f85897cf606b2bd110571c072c012b9
MD5 hash: 3031f92624625ef23fd52933af574b12
humanhash: table-missouri-iowa-white
File name:RFQ.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:469'393 bytes
First seen:2020-05-07 06:41:07 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 12288:4MyTLyClWxGI9Jjkc/qjA4fp3ZRgpj352A25XHzH:+Ti99H/0xhJ6pf2pTH
TLSH 61A423BA97864100AED82C15C00F4765CA27F3FDCA85D3907A0E3E87FE710F69AA254D
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mec.com.jo
Sending IP: 198.23.210.131
From: Mohammed A Sayeed <mayyadah@mec.com.jo>
Subject: URGENT RFQ- GACA 2020 PROJECT REF: 2211342
Attachment: RFQ.7z (contains "lbW2raPRAYI9cLe.exe")

AgentTesla SMTP exfil server:
smtp.lettu.us:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-07 00:56:26 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
24 of 48 (50.00%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=thvxm3qyr3opr6v4uvjjaetn2arewvdmspp2zv7eglud35lhoilq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 99eb766e188edcf8fabca55290126dd0224b546c93dfacd7e432e83df5677217

(this sample)

AgentTesla

Executable exe a4a5d42b2ea9f98c93d25d7762da6f28bd90c6f4b1ec75311b6bca3d4d4bdeef

  
Dropping
MD5 1a905d2e69d78f7c9193ac7fd18fa2ec
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a4a5d42b2ea9f98c93d25d7762da6f28bd90c6f4b1ec75311b6bca3d4d4bdeef

Comments