MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a039a31d078e7fb160ddcb3759b69f5d6107f3963151ba79662851cd5199e872. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: a039a31d078e7fb160ddcb3759b69f5d6107f3963151ba79662851cd5199e872
SHA3-384 hash: d4b406669d80f27972604c69cb3b0768d0d9ee70dfe57fb219b9d7486cd0a9f866b390c2a5a8ae84ed91f9c6191e65d9
SHA1 hash: bc0482b6a1a160d80c398d56c6113764aae3f94d
MD5 hash: 4d68ab4e1fbe81e528bdbb669a3d1eb8
humanhash: hydrogen-juliet-nuts-magnesium
File name: PO 002983....r11
Signature: AgentTesla
File size: 396'670 bytes
First seen: 2020-06-30 09:05:40 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:OpFeZREwSb20db+EH2t3CPPP3PnP8A5zMWxwu1ap4esM3LHy6RqXRkwW:OpcbEwS6w+3+/nPDdMWKaayesqDnRqhG
TLSH: A084238EC23A17BFCA4E4458E1ED50E80753687B942541ACC28ADCC0CF5F19FFD195A9
Reporter: @abuse_ch
Tags: AgentTesla, r11

Malspam distributing AgentTesla:

Sending IP:
From: Rajika Sampath (MAS Legato) <>,
Subject: QUOTE
Attachment: PO 002983....r11 (contains "PO 002983.....exe")

AgentTesla SMTP exfil server:


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 32
Origin country: US
ClamAV: Sanesecurity.Malware.27121.RarHeur.NoDP.UNOFFICIAL
CERT.PL MWDB: Detection: n/a
ReversingLabs:
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Androm
  First seen: 2020-06-30 09:07:04 UTC
  AV detection: 14 of 31 (45.16%)
  Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: Virustotal results 8.06%

File information

The table below shows additional information about this malware sample such as delivery method and external references.



rar a039a31d078e7fb160ddcb3759b69f5d6107f3963151ba79662851cd5199e872 (this sample)

Delivery method: Distributed via e-mail attachment