MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a536ea5df7225136bd421c45931b66a9015f969320aaa681839ff019acc1f8ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a536ea5df7225136bd421c45931b66a9015f969320aaa681839ff019acc1f8ee
SHA3-384 hash: 43766981858e55ebe494b6f0e0234976958fb11116a50a1945bbe10f08299a1832098152a5a93611d4d1f0464e10a1b9
SHA1 hash: 6d35f4283a8688b7f8b8c160e2d8fadd6ec39d70
MD5 hash: 70e3a46d7c870c48d0a509d4d4514c0e
humanhash: music-triple-winner-missouri
File name:Sample672894.Scan.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:393'078 bytes
First seen:2020-05-14 06:00:42 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:11d2zBkoruXvLFif/e1NQhrNbbzpnrGlbW9qn30r5JAkEIZtmYcSSB2:3d2KoCDFiuLQF5xrjO6uHINdS8
TLSH 088423799DB7D8935EE3D0E059CC3C7023D9A9DC9D44527A47202788F887620E3E6BB9
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: vps.irignool.com
Sending IP: 45.95.169.153
From: Daisy Yang <info@irignool.com>
Subject: Confirm Availability Order EMES 672894
Attachment: Sample672894.Scan.rar (contains "Sample#672894.Scan.exe")

AgentTesla SMTP exfil server:
mail.dehydratedoniongarlic.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-14 06:37:15 UTC
File Type:
Binary (Archive)
Extracted files:
3
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=uu3ouxpxejitnpkcdrczgg3gveav7futecvknamdt7ybtlgb7dxa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar a536ea5df7225136bd421c45931b66a9015f969320aaa681839ff019acc1f8ee

(this sample)

AgentTesla

Executable exe 6ac4e47540236465676fe7929462d4b31124fe029cb9f85a55fd38d66d6fa481

  
Dropping
MD5 c7a9ee5ed40061f3f4d78af691557582
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6ac4e47540236465676fe7929462d4b31124fe029cb9f85a55fd38d66d6fa481

Comments