MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f5299029d83436298cfdd1bdcf4728d178fcd0cf1e570c8b5478a66296a1762. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9f5299029d83436298cfdd1bdcf4728d178fcd0cf1e570c8b5478a66296a1762
SHA3-384 hash: 42c06e6262db83da64fbe88a1a9eebec02e4bd369a2fe3816ea76abf3f8b5d43117d3fe1cf32c88c5a607108e5aa45b3
SHA1 hash: a46db2daed855e40e416174e72762e317a7020c8
MD5 hash: f7ccaa4d628eee70b4e95ea13d76c2f7
humanhash: jersey-fish-william-cola
File name:image008_冷凍海鮮太平洋羅非魚魷魚扇貝乳魚鯖魚秋刀魚詳情和2020年新訂單的規格.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:420'718 bytes
First seen:2020-06-29 12:43:26 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:/mx/WuRTsr9CKchTAgGq4JqZRKmqrvsd9hf/DINHxX4y6AVLt5BwDxsU0o:exlvVAnq4Jq5qr099/DMxxxBE9
TLSH 2C94233FF75BA8EB764B403A21587CCCA5B344776090D0E9B194272AFC7EEC026E9546
Reporter abuse_ch
Tags:AgentTesla CHN geo rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: cloud.criticalserver5.net
Sending IP: 140.82.30.135
From: humberto.elizondo@bwplazamonterrey.com
Subject: Re: Waiting For Quotation (RFQ)
Attachment: image008_冷凍海鮮太平洋羅非魚魷魚扇貝乳魚鯖魚秋刀魚詳情和2020年新訂單的規格.rar (contains "image008_冷凍海鮮太平洋羅非魚魷魚扇貝乳魚鯖魚秋刀魚詳情和2020年新訂單的規格.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9f5299029d83436298cfdd1bdcf4728d178fcd0cf1e570c8b5478a66296a1762/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 12:45:06 UTC
AV detection:
15 of 31 (48.39%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=t5jjsau5qnbwfggp3un5z5dsruly7tim6hsxbsfvi6fgmklkc5ra._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 9f5299029d83436298cfdd1bdcf4728d178fcd0cf1e570c8b5478a66296a1762

(this sample)

AgentTesla

Executable exe afd55146941068acb854bdbf066be980a0f288e8b687cf544e35e27b6f970bd4

  
Dropping
MD5 e31abc376f4e5a568c0af79c1eed1fc5
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 afd55146941068acb854bdbf066be980a0f288e8b687cf544e35e27b6f970bd4

Comments