MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f12f75e8ca5a4c73ece81ce408122c76b7069f465cfb3ffd5dd2823551797982. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3



SHA256 hash: f12f75e8ca5a4c73ece81ce408122c76b7069f465cfb3ffd5dd2823551797982
SHA3-384 hash: fa5f515d30dce4e24140664bde49fabed141fdfb8e76bbea955ef5b76fc507d1787ef68a24e83afb7790ca5de17cfb49
SHA1 hash: 1106550e524787a34f1c2a5e3b75c5926cd4febe
MD5 hash: f155705643ef4e8e5e7fe15ec9113abd
humanhash: vermont-romeo-august-venus
File name: LUM CHANG, SINGAPORE, INVITATION TO TENDER FOR NORTH-SOUTH CORRIDOR PROJECT, SINGAPORE.rar
Signature: AgentTesla
File size: 942'023 bytes
First seen: 2020-06-02 07:00:30 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:iz1Kgxdqi/zH0fj8OixX24z1Kgxdqi/zH0fj8OixX2d:C1j1Lw1ixXz1j1Lw1ixXK
TLSH: D715238F78AA0DCD2BEB1019A4DCBF9E5D8595415B31F0B9EA59B283434F0842B7387D
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing AgentTesla:

HELO: server.haihongengineering.com
Sending IP: 162.241.215.127
From: James Huang <jameshuang@lumchang.com.sg>
Reply-To: James Huang <jameshuang@lumchang.com.sg>
Subject: FW: [LUM CHANG, SINGAPORE], INVITATION TO TENDER FOR NORTH-SOUTH CORRIDOR PROJECT, SINGAPORE
Attachment: LUM CHANG, SINGAPORE, INVITATION TO TENDER FOR NORTH-SOUTH CORRIDOR PROJECT, SINGAPORE.rar (contains "[LUM CHANG, SINGAPORE], INVITATION TO TENDER FOR NORTH-SOUTH CORRIDOR PROJECT, SINGAPORE.exe")

AgentTesla SMTP exfil server:
mail.suryatravels.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-02 07:37:04 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 17 of 48 (35.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
rar f12f75e8ca5a4c73ece81ce408122c76b7069f465cfb3ffd5dd2823551797982 (this sample)
Dropping AgentTesla

Delivery method: Distributed via e-mail attachment

Comments