MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a520d4a900d366e9d65e720daf5b3092d3bc729715047c0b88e0edc0536898c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a520d4a900d366e9d65e720daf5b3092d3bc729715047c0b88e0edc0536898c1
SHA3-384 hash: db9e7bb76b4c7c00f020d6ff8406ab756a046c4ec63136ac227d772ead53b8495d12fd6c90e33f1f3af196add38ce72a
SHA1 hash: b346c615a708ffc2f68cbccf91b3ff8dcee7f042
MD5 hash: 1255bae45146279f155c7690f5fe5af0
humanhash: one-october-vermont-coffee
File name:NUMERÃ RIO.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:566'905 bytes
First seen:2020-06-01 20:12:24 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:aJ+QbEiFM02b+V/kAariF3p4/9+e8YsumX4ydVhJ:oPoiFM8M1irSdmX4yb3
TLSH C9C423119AE9FB3E98B4AF5DC54B2C4A33C74E3353997A41BE25C5288112D0C3B0EE5B
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: fax.local
Sending IP: 118.99.229.12
From: Chia Hui Trading Co <info@chia-hui.com.tw>
Subject: RE: PROFORMA E CONTRATO - MODIFICADOS- 3A19W0709 (WEN16261901305)
Attachment: NUMERÃ RIO.rar (contains "NUMERÃ RIO.exe")

AgentTesla SMTP exfil server:
smtp.epaindemgroup.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 20:36:21 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=uuqnjkia2ntotvs6oig26wzqslj3y4uxcuchyc4i4dw4au3itdaq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar a520d4a900d366e9d65e720daf5b3092d3bc729715047c0b88e0edc0536898c1

(this sample)

AgentTesla

Executable exe 55c8431ec97f76b7a9d9d7d6d516f62fd7f508441220e44598591ad0b56978f5

  
Dropping
MD5 0044d80ba1184be90ee9246ab557a78e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 55c8431ec97f76b7a9d9d7d6d516f62fd7f508441220e44598591ad0b56978f5

Comments