MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4f919b64d7595095678796d2cd9fc391c00bc59ebaf6dbdb534ee9782a57d0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c4f919b64d7595095678796d2cd9fc391c00bc59ebaf6dbdb534ee9782a57d0e
SHA3-384 hash: 7050cb2ac9e8cced19be760ecce9f5c3dd92e9a67ccbafecf2288fbb1e564cf0230eb39d29ec277e7af3fcfbe4dcf1b9
SHA1 hash: 2328ac6309a7dba9bd47230254813aa343af2cbe
MD5 hash: 65f122d407c7ee48e6667cf7670b733d
humanhash: early-artist-july-paris
File name:QUOTATIONS.arj
Download: download sample
Signature AgentTesla
Create hunting rule
File size:275'525 bytes
First seen:2020-06-03 11:22:55 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 6144:wL5IAM84jE1haG/lTafyEnlWZm8VYsdU+BhS45+PMEiF:AhM8IG/lTafhlOjVr2SIPaF
TLSH 6A4423353362475E569D28AADA5417FB829BC2E6E8CD382095297E15C21F0C8DFFB06C
Reporter abuse_ch
Tags:AgentTesla arj


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.almanar-group.com
Sending IP: 85.187.140.185
From: Hangzhou Chinastars Reflective Material Co.Ltd <Yuan@akadiamondtools.com>
Reply-To: kate.wang@aus-home.com
Subject: CONFIRM PAYMENT AND QUOTATION!!!
Attachment: QUOTATIONS.arj (contains "QUOTATIONS.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 11:37:59 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
17 of 48 (35.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yt4rtnsnowkqsvtypfwszwp4heoabpcz5oxw3pnvgtxjpavfpuha._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

arj c4f919b64d7595095678796d2cd9fc391c00bc59ebaf6dbdb534ee9782a57d0e

(this sample)

AgentTesla

Executable exe 61bff8d9b21330892bfc05bb7781cc1ccc4ba4af876600bfd657da800a608def

  
Dropping
MD5 47ed968f2c320a47f063275ef520684b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 61bff8d9b21330892bfc05bb7781cc1ccc4ba4af876600bfd657da800a608def

Comments