MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 abc2d7fa99f79a91a5ec6d438fee439424672b51a3bc0c2869432466e1f1e6e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: abc2d7fa99f79a91a5ec6d438fee439424672b51a3bc0c2869432466e1f1e6e1
SHA3-384 hash: c2fe932a12fdf6bd3f785dd08061ab198ec3d12447bf16f382927eb8cc29ef7251167bc7d1c0f9d52be830d079443c23
SHA1 hash: 439487b5500513803fb2a2c71990d355d66e32b5
MD5 hash: a8a7584d82628bd1d920c1561034c1c1
humanhash: carolina-speaker-alanine-magazine
File name:ORDER.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:351'433 bytes
First seen:2020-05-19 06:27:45 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:7CqDgnljWj4YNPGUnkIXDZStNAZ4wYaGp9rwEaqhnvrQlkg2DpcWmvKN5QRDVGq8:JDgljWj9NeUnkIXIZaG5ZDn+25QRDtqd
TLSH A3742330A40227CEA1C3BF3BEF6BE0AD1C74564394F155233D419B25D6CA49E87B970A
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.nevasys.com
Sending IP: 81.23.104.214
From: KIM <info@toyohashi.ed.jp>
Reply-To: abs000010@outlook.com
Subject: New Order Request
Attachment: ORDER.rar (contains "ORDER.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 06:36:59 UTC
File Type:
Binary (Archive)
Extracted files:
3
AV detection:
17 of 48 (35.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vpbnp6uz66njdjpmnvby73sdsqsgok2ruo6aykdjimsgnypr43qq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar abc2d7fa99f79a91a5ec6d438fee439424672b51a3bc0c2869432466e1f1e6e1

(this sample)

AgentTesla

Executable exe 662e434ffc2542e1d89c3ff9433eacbd50e235a8ce50072f675f5010a422c73c

  
Dropping
MD5 851658358f9681b7138ca92cad5591f5
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 662e434ffc2542e1d89c3ff9433eacbd50e235a8ce50072f675f5010a422c73c

Comments