MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df9c84db2efe2030da7387e03f7fe4f4d11ce489117399b5b8aecdc8a85d03cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: df9c84db2efe2030da7387e03f7fe4f4d11ce489117399b5b8aecdc8a85d03cd
SHA3-384 hash: bc072234a2903e4d96d7f00f6cb6942af07c76b05155edd03a0164a6614483c001bf77496ffd024c9550b9335aeadf52
SHA1 hash: 16eabf013af16338c580f0fac55ccd2da7d6495b
MD5 hash: 6e1aaddd214a032c95ddccd512efbf58
humanhash: tennis-north-video-cola
File name:JUNE_QUOTATION7724_210520RFQ_NEW_OFFER_SAMPLE_AZN_O_M_Company.arj
Download: download sample
Signature AgentTesla
Create hunting rule
File size:409'340 bytes
First seen:2020-05-23 11:10:55 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 12288:j1o80v6l7zpi1CkBdR7K7I5ptBSum683gJF:xoYzpMCwdR+05ptB7m6Qg
TLSH 029423FDFCC93421060869A200635D6CE22A5D89A476F9FA36F17133F5F1E896D0D276
Reporter abuse_ch
Tags:AgentTesla arj


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: juchansolutions.pw
Sending IP: 173.82.168.118
From: Saud Abdulaziz Khalaf Alsharrah <info@juchansolutions.pw>
Subject: JUNE QUOTATION
Attachment: JUNE_QUOTATION7724_210520RFQ_NEW_OFFER_SAMPLE_AZN_O_M_Company.arj (contains "JUNE_QUOTATION#7724_210520RFQ_NEW_OFFER_SAMPLE_AZN_O_M_Company.exe")

AgentTesla SMTP exfil server:
smtp.iotoils.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-23 02:04:28 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
15 of 31 (48.39%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

arj df9c84db2efe2030da7387e03f7fe4f4d11ce489117399b5b8aecdc8a85d03cd

(this sample)

AgentTesla

Executable exe f96f26859a0e34567a6042ef891e59c27a62f6630d9211be0bbbcac749efe988

  
Dropping
MD5 d36dbae8a914744662588288091d9e39
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f96f26859a0e34567a6042ef891e59c27a62f6630d9211be0bbbcac749efe988

Comments