MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ad04f26ce18183b7194290c58509ebf7f76ad9a9df1505ef5f999c53e9842a41. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: ad04f26ce18183b7194290c58509ebf7f76ad9a9df1505ef5f999c53e9842a41
SHA3-384 hash: 6588fcd42e10f9361dc8f830bcbb12206eb5d1e24b567ec7d2501539d4f3782ed24199a64d8c9bfb01e8858682913046
SHA1 hash: f006f423777acb6a73db947f26baf008e40c9d3c
MD5 hash: 67270858fc4b2914990d2ef2d5a3c476
humanhash: india-north-sodium-avocado
File name: PO9087734_Pdf.r00
Signature: AgentTesla
File size: 348'652 bytes
First seen: 2020-05-12 15:53:07 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 6144:n/g/qD8SuCLr7Z8qbxPkO30NX5GWWSFnc6ooeWAatNp5sU6kanegsoIozHqf/TVq:/g/G8Ar6QxPSIWWfDWVNp5AkZgOo2g
TLSH: A07423D239DAFF2ADF720B7745018024860CA2B6FE63F2FD189A6052D5CBC7F9A51006
Reporter: abuse_ch
Tags: AgentTesla r00


abuse_ch
Malspam distributing AgentTesla:

HELO: bosmailout10.eigbox.net
Sending IP: 66.96.187.10
From: Luis Flavio <office.office@addallelectric.com>
Subject: P/O NO-9087734
Attachment: PO9087734_Pdf.r00 (contains "MS111.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-13 03:04:28 UTC
AV detection: 17 of 48 (35.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 ad04f26ce18183b7194290c58509ebf7f76ad9a9df1505ef5f999c53e9842a41 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
