MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aaf50495a2724667e05cf8eae75ec736ea9a843c1f34fe515d3df30ef29b6880. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aaf50495a2724667e05cf8eae75ec736ea9a843c1f34fe515d3df30ef29b6880
SHA3-384 hash: fca2233ed4659d5bf188e3f22b42dc353d09e7ec1de5c90370941c868b61b5024f9aa8c11e8dfa6096499fe660f06111
SHA1 hash: 13c0f4051457cef945077de1b08086e189f95cd3
MD5 hash: b94305fdd977e0d046d3d2d0980f8051
humanhash: enemy-undress-four-burger
File name:20200525.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:621'306 bytes
First seen:2020-05-25 08:17:22 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:RyVNlMzUaKgpQ9/KPU83PVyrF6EeE3/hYhQ/VFiuBBs:CbMzU0Q9/P83PVyBRVC2/by
TLSH E8D423F8C44E95AB2D36B67D4F6373228F8634765C03AADC3CC0159E1AA1B2066D779C
Reporter abuse_ch
Tags:AgentTesla rar Yahoo


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sonic305-7.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.133.46
From: Production Aerospace <productionaero@raghuvamsi.co.in>
Reply-To: Production Aerospace <productionaero@raghuvamsi.co.in>
Subject: Fwd: Re: Re: Re: 26136 PI 20296629 SO 40129429 Order Balance Due
Attachment: 20200525.rar (contains "20200525~pdf.exe")

AgentTesla SMTP exfil server:
mail.mail15.cp247.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 08:36:19 UTC
File Type:
Binary (Archive)
Extracted files:
19
AV detection:
21 of 31 (67.74%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar aaf50495a2724667e05cf8eae75ec736ea9a843c1f34fe515d3df30ef29b6880

(this sample)

AgentTesla

Executable exe 29248b93be8ee007445acd823729a34257c3a7e15ab45c2ae0b3e5a80512700e

  
Dropping
MD5 68157206167f8665256e925c1f3e4d00
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 29248b93be8ee007445acd823729a34257c3a7e15ab45c2ae0b3e5a80512700e

Comments