MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a7f1090449a4a16e9f126c83457735188cf349cdf216a186ac46d946be90e5bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a7f1090449a4a16e9f126c83457735188cf349cdf216a186ac46d946be90e5bc
SHA3-384 hash: 0021e2a2ec09009eb942ab4584e6533a788f8fcfce0548dceecd0993dff60c3e3915cc19cee5faa799c19c39e72ddade
SHA1 hash: 7874afe0b199f0cc06633e0a8a85c69400f5c960
MD5 hash: 7f69aaf70d845535890b4081c9ccaee7
humanhash: lima-louisiana-east-alanine
File name:NEWORDER.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:344'434 bytes
First seen:2020-05-04 20:24:12 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:iDSfhPejgMnILkcvuYlpbfpahM8pcEMQuUlTlBEXtBd/VdbDE31UJxgLO:ESRejgMnILkoBdeM8pcELPlBEXtT/bDv
TLSH 437423542E08E8B6D18A8E3A12242B4E2DCFF52E1D0D44EA32FD29D91BC47F7F275149
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: vs-william2019.uk.syrahost.com
Sending IP: 176.74.30.2
From: East West Co <postmaster1@dks.com.tw>
Reply-To: abs0000100@hotmail.com
Subject: New Order
Attachment: NEWORDER.rar (contains "NEWORDER.exe")

AgentTesla FTP exfil server:
ftp.cleanprolaundryparts.com:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-04 20:36:00 UTC
File Type:
Binary (Archive)
Extracted files:
3
AV detection:
16 of 31 (51.61%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=u7yqsbcjusqw5hysnsbuk5zvdcgpgson6ilkdbvmi3munpuq4w6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar a7f1090449a4a16e9f126c83457735188cf349cdf216a186ac46d946be90e5bc

(this sample)

AgentTesla

Executable exe 48ff192194ef184df0c18730412aa21cfb257c3ebe17651320d9d54148fba8cf

  
Dropping
MD5 64ce6d7a1aa0c594e7759595e7fc8286
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 48ff192194ef184df0c18730412aa21cfb257c3ebe17651320d9d54148fba8cf

Comments