MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b84f59c36a4d2f53d3398a974e6eb3bb266b606e8705386fc729cf9c6b18a2a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b84f59c36a4d2f53d3398a974e6eb3bb266b606e8705386fc729cf9c6b18a2a9
SHA3-384 hash: ae9cbbedef6cf9f61010f43737fe5b2b4e145abbf0848a5104abc28d0f0fc19a7a3144c0c76439f030a89b36a2cbee3d
SHA1 hash: 93babe17391a73099863ac53ac149abe35cecc17
MD5 hash: 3fa921462b172fe74117fe829a7a1429
humanhash: early-three-music-sierra
File name:Statement of Account.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:411'903 bytes
First seen:2020-04-29 17:13:26 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:+Ukf5Yhd4jPSJrUrsXwhAxAfwvIbWFz+fa:+puhdIPSJrUrcwhApea
TLSH EA94230A4703D27EFA8C0A933566D46DE438BCF536D94C026C95B79E41326DED93ABC2
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: smtp.safemail.it
Sending IP: 147.123.1.124
From: project manager <kong.ng@hempel-metals.com>
Reply-To: princepepsa241@gmail.com
Subject: Statement of Account/Ledger
Attachment: Statement of Account.rar (contains "Vw2ekrCTsTs3N8r.exe")

AgentTesla SMTP exfil server:
mail.flood-protection.org:587 (85.187.154.178)

AgentTesla SMTP exfil email address:
From: saco@flood-protection.org
To: saco@flood-protection.org

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 08:56:41 UTC
AV detection:
24 of 48 (50.00%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xbhvtq3kjuxvhuzzrklu43vtxmtgwydoq4ctq36hfhhzy2yyukuq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar b84f59c36a4d2f53d3398a974e6eb3bb266b606e8705386fc729cf9c6b18a2a9

(this sample)

AgentTesla

Executable exe 440772fb86f2519451345ac945704a6e135868b504f2cdac881f17f9d4bb8602

  
Dropping
MD5 ca27e4402389d86afbb02bcbe51aafac
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 440772fb86f2519451345ac945704a6e135868b504f2cdac881f17f9d4bb8602

Comments