MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d3388177d20ad55e13cd99c7ae60b9ae642daaf319c6c89216c6f44b5f917d46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d3388177d20ad55e13cd99c7ae60b9ae642daaf319c6c89216c6f44b5f917d46
SHA3-384 hash: f6441c2b134f8e86b3e6557e4696db7a569c0593f483e64768ebf04858b33daff7c27f221747b96800b9ae9efc81f1a1
SHA1 hash: 83ba838c683fb882ac2dc526fd4abcae6af7d713
MD5 hash: c6a2f583ba8a05e30c66e196df36a462
humanhash: foxtrot-happy-muppet-nevada
File name:SHIPPING DOCUMENT PL.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:394'916 bytes
First seen:2020-05-22 07:12:00 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:S9isL4XF8XQyDjQlvZg8jo99gp0SMBVFPAUOLp+6QOgzvP:yL4XF8XN/UvZg8cOGVFyLs6cDP
TLSH D584236E3569113AA7D50B42C39BF24601BE0EA7180A4E5CE81794EBDF15B7F48EB348
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: icefactor.ae
Sending IP: 103.145.254.227
From: Jozef Králik>jozef.kralik@icefactor.ae
Subject: SHIPPING DOCUMENT & PACKING LIST
Attachment: SHIPPING DOCUMENT PL.rar (contains "SHIPPING DOCUMENT & PL.exe")

AgentTesla SMTP exfil server:
1st-ship.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 05:48:27 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
30 of 47 (63.83%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar d3388177d20ad55e13cd99c7ae60b9ae642daaf319c6c89216c6f44b5f917d46

(this sample)

AgentTesla

Executable exe 974edc62c329ce314f5c8c745cd145779db4c5a5d46188def7351cf11be83eec

  
Dropping
MD5 e1c07e47e51d352fc3b6f026e05a6745
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 974edc62c329ce314f5c8c745cd145779db4c5a5d46188def7351cf11be83eec

Comments