MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14653a1995c1e537b592e42c5803dcec697c83d752942dad20484016cff32cc9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash: 14653a1995c1e537b592e42c5803dcec697c83d752942dad20484016cff32cc9
SHA3-384 hash: 80f58c5920e0201748f631ffe8f9dd186edb9f8316b8f6354b490db4d89cfd579f1f9b91c68d621327729001314b2391
SHA1 hash: d8c3fb0fcfb63af829fedec8ba35e46f37798031
MD5 hash: ea9f6af88195846faf984b7da11577c6
humanhash: steak-mars-april-uniform
File name: NEW ORDER.PDF.rar
Signature: AgentTesla
File size: 377,000 bytes
First seen: 2020-06-30 13:13:50 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:wx4tC/vLWMzHqGolShWjlaw3xOOHuHIaD7ekm31GIHmvbObI:JtwLWMzUlaFwhZHUIaDg3HOSI
TLSH: A984234ABC34A67912DB891F2C7E389C936CEB71F8CC576329587636914588DDF2C2B0
Reporter: @abuse_ch
Tags: AgentTesla rar


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: zita.lobocom.es
Sending IP: 213.162.200.38
From: Kassem Ahmed <purchase@darwish-tdg.qa>
Reply-To: a.rehman@revo-moto.com
Subject: NEW ORDER #60152
Attachment: NEW ORDER.PDF.rar (contains "NEW ORDER.PDF.exe")

AgentTesla SMTP exfil server:
webmail.crafttechcuttingtools.com:587
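
The lure in the report above (an archive named NEW ORDER.PDF.rar carrying NEW ORDER.PDF.exe) and the network indicators it lists (HELO name, sending IP, AgentTesla SMTP exfil server) are exactly what a mail gateway or SOC turns into checks. The Python below is an added example written for this page, not code from MalwareBazaar or abuse.ch. It flags double-extension masquerade in attachment and archive-member names, then matches the entry's indicators against a constructed log excerpt. The log format, the benign host mail.example.net, and the internal address 10.0.0.23 are made up for illustration; the indicator values are the ones shown on this page.

```python
"""Triage helpers built around the indicators in this MalwareBazaar entry.

Added example for this page, not part of MalwareBazaar or the abuse.ch report.
The log format, the benign host mail.example.net, and the internal
address 10.0.0.23 are constructed; the indicator values come from the entry.
"""
from __future__ import annotations

import re

# Indicators taken from the entry and the reporter's tweet.
SAMPLE_SHA256 = "14653a1995c1e537b592e42c5803dcec697c83d752942dad20484016cff32cc9"
SENDING_IP = "213.162.200.38"
HELO_NAME = "zita.lobocom.es"
EXFIL_HOST = "webmail.crafttechcuttingtools.com"  # AgentTesla SMTP exfil, port 587

# A decoy document extension placed directly before the real one is the lure.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "jar", "msi"}
ARCHIVE_EXTS = {"rar", "zip", "7z", "iso", "img", "ace", "arj"}


def is_masquerading(name: str) -> bool:
    """True for 'NEW ORDER.PDF.rar' or 'NEW ORDER.PDF.exe': a decoy document
    extension immediately before an executable or archive extension.
    Case-insensitive, because Windows treats .EXE and .exe alike."""
    parts = name.lower().rsplit(".", 2)
    if len(parts) < 3:
        return False
    _, decoy, real = parts
    return decoy in DECOY_EXTS and real in (EXEC_EXTS | ARCHIVE_EXTS)


def triage_attachment(archive_name: str, members: list[str]) -> list[str]:
    """Return the reasons to quarantine an attachment (empty list = none).
    `members` is the archive's file listing, e.g. from `unrar lb` or
    zipfile.ZipFile.namelist()."""
    reasons = []
    if is_masquerading(archive_name):
        reasons.append(f"double extension on attachment: {archive_name}")
    for member in members:
        ext = member.lower().rsplit(".", 1)[-1]
        if is_masquerading(member):
            reasons.append(f"double extension inside archive: {member}")
        elif ext in EXEC_EXTS:
            reasons.append(f"executable inside archive: {member}")
    return reasons


# One regex per indicator; the lookarounds stop the IP matching inside a longer dotted string.
IOC_PATTERNS = {
    "sending_ip": re.compile(r"(?<![\d.])" + re.escape(SENDING_IP) + r"(?![\d.])"),
    "helo": re.compile(re.escape(HELO_NAME), re.IGNORECASE),
    "exfil_smtp": re.compile(re.escape(EXFIL_HOST), re.IGNORECASE),
    "sha256": re.compile(SAMPLE_SHA256, re.IGNORECASE),
}


def match_iocs(log_text: str) -> list[tuple[int, str]]:
    """Scan log lines for the entry's indicators; return (line_no, label) hits."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        for label, pattern in IOC_PATTERNS.items():
            if pattern.search(line):
                hits.append((line_no, label))
    return hits


# Constructed log excerpt: three mail-gateway lines and one egress firewall line.
SAMPLE_LOG = """\
Jun 30 13:10:03 mx smtpd[2211]: client=zita.lobocom.es[213.162.200.38] helo=zita.lobocom.es from=<purchase@darwish-tdg.qa>
Jun 30 13:10:04 mx smtpd[2211]: attachment name="NEW ORDER.PDF.rar" sha256=14653a1995c1e537b592e42c5803dcec697c83d752942dad20484016cff32cc9
Jun 30 13:12:44 mx smtpd[2219]: client=mail.example.net[198.51.100.7] helo=mail.example.net from=<ops@example.net>
Jun 30 13:41:17 fw conn: src=10.0.0.23 dst=webmail.crafttechcuttingtools.com:587 proto=tcp action=allow
"""

if __name__ == "__main__":
    print(triage_attachment("NEW ORDER.PDF.rar", ["NEW ORDER.PDF.exe"]))
    for line_no, label in match_iocs(SAMPLE_LOG):
        print(f"line {line_no}: {label}")
```

The name check is deliberately narrow: it only fires when a document-looking extension sits directly in front of the real one, so ordinary names such as report.final.pdf pass, while NEW ORDER.PDF.rar and the NEW ORDER.PDF.exe inside it are both caught. The IOC matcher treats the exfil host as an egress indicator: a hit on it from an internal source address is a stronger signal than the inbound mail hits, since it means the payload has already run.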

Intelligence


Mail intelligence
  Trap location: Global
  Impact: Low
  # of uploads: 1
  # of downloads: 27
  Origin country: US
ClamAV: No detection
CERT.PL MWDB: Detection n/a
  Link: https://mwdb.cert.pl/sample/14653a1995c1e537b592e42c5803dcec697c83d752942dad20484016cff32cc9/
ReversingLabs: Status Malicious
  Threat name: ByteCode-MSIL.Trojan.Kryptik
  First seen: 2020-06-30 13:15:08 UTC
  AV detection: 13 of 30 (43.33%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain:
  Malspam
    AgentTesla
      rar 14653a1995c1e537b592e42c5803dcec697c83d752942dad20484016cff32cc9 (this sample)
        Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment