MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f5a31c6b83194570fa136f1904b555c5308d65616b4341bf4436565f4fc3ade4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f5a31c6b83194570fa136f1904b555c5308d65616b4341bf4436565f4fc3ade4
SHA3-384 hash: 48a4f40dc62ce4d8172d68afd8ce42231039a07415df319ff8c20bbb2a1c6bb482a3c0514cc9c0488d48ba259e79d1b2
SHA1 hash: 5f2b059e3078a48086e9f454222a4c3b8a9b06ca
MD5 hash: 4bd2ed37b2de23f5d05c3bfc6b0cb3d3
humanhash: missouri-sad-kansas-sad
File name:NEW PURCHASE ORDER.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'441'792 bytes
First seen:2020-06-01 19:47:59 UTC
Last seen:2020-06-02 05:46:10 UTC
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:nRhRgsIhNX28LpNqOoX0tcM0zbTkdfL8A2MKFWbyFI4K2ab9fEWBhWN863gpn4Q3:RhRgsIhdNqx5TkBLnqFWbUD
TLSH 6F655CA9336072EEEB63E0F2DD6C1D20E520E8FF874A750A5313356A5A1C456DF360B6
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: bufori.com.my
Sending IP: 103.125.189.227
From: info@bufori.com.my
Subject: FW: NEW PURCHASE ORDER
Attachment: NEW PURCHASE ORDER.IMG (contains "NEW PURCHASE ORDER.exe")

AgentTesla SMTP exfil server:
mail.guddupak.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
57
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-01 18:55:00 UTC
File Type:
Binary (Archive)
Extracted files:
20
AV detection:
18 of 47 (38.30%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6wrry24ddfcxb6qtn4mqjnkvyuyi2zlbnnbudp2egzlf6t6dvxsa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img f5a31c6b83194570fa136f1904b555c5308d65616b4341bf4436565f4fc3ade4

(this sample)

AgentTesla

Executable exe 90fa5a3941f4144cb63e53ebc50df087b6409cba798ef3723ff7aef0cc597602

  
Dropping
MD5 ee0845dcb35f123fd8283d1cf4611a9b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 90fa5a3941f4144cb63e53ebc50df087b6409cba798ef3723ff7aef0cc597602

Comments