MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3627aba9337c20cd753ccd24a241e82d2ff375709a3412525abd56f7dbc9fdd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: a3627aba9337c20cd753ccd24a241e82d2ff375709a3412525abd56f7dbc9fdd
SHA3-384 hash: 4fb8c5e2d8341ffdb61ddfffaefd2e46028ee07b1096196ac0aa4adc7e105875c7c5a3cb6c1e73834dd8045eee3a0285
SHA1 hash: 6e8b5bbd306bec060a97f6f54943e1a8f86ba4c3
MD5 hash: 2e470dc99f14e1117ba1878b8f082568
humanhash: johnny-item-march-quiet
File name: Petrofac Sdn Bhd invitation to bid.rar
Signature: AgentTesla
File size: 865'306 bytes
First seen: 2020-05-15 07:31:03 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:RnEGJy6/olFei/QpBGPXk/QWFwQR8u4JJ/T0PUTunEGJy6/olFei/QpBGPXk/QWQ:CGJf/Li7U/vwPOUlGJf/Li7U/vwPOUz
TLSH: 7F0523C29F0492463184A98B3A139BC01C3360EAED575C87FD5DC6B1577CA8BA34D6FA
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing AgentTesla:

From: "Aidan Liew" <aidanliew.87@petrofac.com>
Reply-To: "Aidan Liew" <aidanliew87.petrofac@mail.com>
Subject: Petrofac RFQ:793846 - PETRONAS’ Refinery and Petrochemicals Integrated Development (RAPID) project
Attachment: Petrofac Sdn Bhd invitation to bid.rar (contains "Petrofac Sdn Bhd invitation to bid.exe")

AgentTesla SMTP exfil server:
mail.alvadiwipa.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-15 07:36:20 UTC
File Type: Binary (Archive)
Extracted files: 36
AV detection: 17 of 48 (35.42%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain: Malspam -> AgentTesla -> rar a3627aba9337c20cd753ccd24a241e82d2ff375709a3412525abd56f7dbc9fdd (this sample) -> Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments