MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f896e754f828e5c1b454116f060cb5c2ec42807f7918bbbf1f6d21bad9a8f67a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f896e754f828e5c1b454116f060cb5c2ec42807f7918bbbf1f6d21bad9a8f67a
SHA3-384 hash: 95d01734f680921e3cd1a5d37c8a8107c15b8c06254aebd94c692f4785f5eb1f73ad63b76cab3045576fa2773fe5bfe7
SHA1 hash: 2899937664bf721fb1f39a2080722dd7408ca5de
MD5 hash: 576cdb020d980525866d2e922b7be6ee
humanhash: cold-twenty-don-berlin
File name:Delivery and parking list.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:916'778 bytes
First seen:2020-05-13 06:16:02 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:UchOW33Cm012orO1I7DRrkPSipP03qZqA:nv2176C7Dips3qZqA
TLSH 31153323597CB5A9334309ADC3C47CE14BF9240E5893ABF4E3C85D7D46D483A88B6B98
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: hosting12.ji-net.com
Sending IP: 203.130.149.250
From: pampa <rosaroca70@gmail.com>
Subject: Delivery note/ Parking list March 2020
Attachment: Delivery and parking list.rar (contains "Delivery and parking list.exe")

AgentTesla FTP exfil server:
desguacespalomino.com:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 06:37:25 UTC
File Type:
Binary (Archive)
Extracted files:
294
AV detection:
15 of 31 (48.39%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7cloovhyfds4dncucfxqmdfvylwefad7pemlxpy7nuq3vwni6z5a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar f896e754f828e5c1b454116f060cb5c2ec42807f7918bbbf1f6d21bad9a8f67a

(this sample)

AgentTesla

Executable exe 5cc2da9649ceac73f18ef6fe03add950641f8ccf871d325144628595f83f4da1

  
Dropping
MD5 82750a51696e3e2a222a5d6c2233de98
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5cc2da9649ceac73f18ef6fe03add950641f8ccf871d325144628595f83f4da1

Comments