MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e09a12b91ec3a3b40949222f2177ac2669a9b569533aaf1444db229234c4c51. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 0e09a12b91ec3a3b40949222f2177ac2669a9b569533aaf1444db229234c4c51
SHA3-384 hash: 01453f719deffa97f403117a0e517d4ad77625c1246bb101cd90787742c5f8b4eaa9b6b130b5cbebecd873acfd724917
SHA1 hash: 095f8840c2de15c92f2e58d171093ee4c8c7a1d1
MD5 hash: d5c452ee2f616ed3681125ba036a236c
humanhash: washington-echo-social-timing
File name: INVOICE NO2058,2057.r11
Signature: AgentTesla
File size: 390'444 bytes
First seen: 2020-05-13 11:11:44 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:9wJw/ayZi2icAyXDlOQvEK2cK+F+D9jvqNRQvmvo5Kkz2hpH/fTSG3a7w9F0:9wMHa8VV2m+lqNRQvGo5HiPTf3BF0
TLSH: FB8423F2E5E06A3791D137EB52E397AE0546D426F20336A43EC9177D731FC602A2B918
Reporter: abuse_ch
Tags: AgentTesla r11


abuse_ch
Malspam distributing AgentTesla:

HELO: hmc-3.com.pk
Sending IP: 176.123.7.98
From: purchase <purchase@hmc-3.com.pk>
Subject: RE: OUTSTANDING PAYMENT INVOICE NO#2058,2057
Attachment: INVOICE NO2058,2057.r11 (contains "INVOICE NO#2058,2057.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-13 11:36:52 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 19 of 31 (61.29%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 0e09a12b91ec3a3b40949222f2177ac2669a9b569533aaf1444db229234c4c51

(this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
