MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef14c04357ab1b9fabd4f11d838b55dea45d9a900d4f0292b53150410d0e2677. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ef14c04357ab1b9fabd4f11d838b55dea45d9a900d4f0292b53150410d0e2677
SHA3-384 hash: eaf41d3356cd268f42ee760a843b1ab64955fb17fc5a80f758174652dbca7f3c1938807e23af5109a75d42e2c282eadc
SHA1 hash: 2d6eb648467385b2ef19c6d9a9554fde179ee84c
MD5 hash: 12aef547028e66473655d5324514e464
humanhash: ack-bacon-carolina-sink
File name:Profoma and bank details.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:809'304 bytes
First seen:2020-05-11 12:26:54 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:pmdlq5jxbbW5uqelizmNmZtCxeUiPmzVvX73it:pQuku7liqy0xfPot
TLSH BE053352A3097D1929358E54EF26A1F11111BEFF899C72F7FE38C6B03269DC45AC4628
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: qproxy5-pub.mail.unifiedlayer.com
Sending IP: 69.89.21.30
From: Mrs Lisa Marlene <info@sanliilac.com>
Subject: ORDER READY
Attachment: Profoma and bank details.rar (contains "mpUN2haQz3Hh396.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 12:35:44 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=54kmaq2xvmnz7k6u6eoyhc2v32sf3guqbvhqfevvgfiecdioez3q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar ef14c04357ab1b9fabd4f11d838b55dea45d9a900d4f0292b53150410d0e2677

(this sample)

AgentTesla

Executable exe f058f245d06f4d059132d2b9e90f84a332d0471ff0c421d49ca828d76874b8f3

  
Dropping
MD5 b616ebc834b650fee67ce3e99095dc6f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f058f245d06f4d059132d2b9e90f84a332d0471ff0c421d49ca828d76874b8f3

Comments