MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 086b77dc24348ddf51288b09a03df2133a956941667b8740799e5a71278d2adc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 086b77dc24348ddf51288b09a03df2133a956941667b8740799e5a71278d2adc
SHA3-384 hash: 392c62668dd2663575cb3ad94be23861d62803e6a8597f81b75af855fbd157e1c6be896b6d4de0be81aeaa352e02270e
SHA1 hash: 8595577e71e694f8a7696c641298e9852b960b9c
MD5 hash: 4125d59149eae808d28f1f1feed8cd43
humanhash: mike-may-high-mockingbird
File name:RFQ EPSCC-2LNG.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:413'811 bytes
First seen:2020-06-16 05:04:58 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:nBDHQA1dx8znp7guapWqbiX2HDmM993Cw9s0Ks:nxHPdxSp7+ioqM993C5ps
TLSH F794230DF2D8E0B9FED352713DAADFDA11C01483F218A1A99952EB2A00B89DB851DD71
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: becoman.com
Sending IP: 209.58.149.66
From: Manoj Kumar G. <nnanoj.civil@becoman.com>
Reply-To: engineering.c@becoman.com
Subject: Inviting offer for Piling & Soil Improvement_ Sohar LNG Bunkering Project - EPSCC-2 (LNG)
Attachment: RFQ EPSCC-2LNG.rar (contains "RFQ EPSCC-2LNG.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 05:06:08 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bbvxpxbegsg56ujirme2appscm5jk2kbmz5yoqdztznhcj4nfloa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 086b77dc24348ddf51288b09a03df2133a956941667b8740799e5a71278d2adc

(this sample)

AgentTesla

Executable exe 9ba436351aa2ed6aa1c478d716b2b5e2dd6b6141c14aa8ded5089ed6951b9426

  
Dropping
MD5 901e18e2e9282a47cfe6bbd53fc5b864
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9ba436351aa2ed6aa1c478d716b2b5e2dd6b6141c14aa8ded5089ed6951b9426

Comments