MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 162c036ca95919c3e108867142be132569f5b346fe98df4848d9ccf96bc08a76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 162c036ca95919c3e108867142be132569f5b346fe98df4848d9ccf96bc08a76
SHA3-384 hash: 09563f2d0ce6fa88d83a3441a762800e30bb57a0544440f26a9ab3baf707377441b474fcb4455da377401fd46378b001
SHA1 hash: bd159ba2bd664fd9cf01dd02bbcd0748a9b925fb
MD5 hash: d4a17a8ebe3ee85bfeb7f9db6ced5639
humanhash: magazine-steak-neptune-whiskey
File name:FACTURA ABRIL.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:386'649 bytes
First seen:2020-05-19 14:22:57 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:FKolWTiUzrS0DVr/pPRSRl1IJIrTDxe9K5qu93csnVnRVh4I8OdeigTUsXy+qtd+:9+3XVrtRSR5TDeK5d9MsnVRVZSgM8W
TLSH BB8423A0D775693DAB33A2979871C84CA20E65EB07BD321C1DC8FA5AA77D431ED84703
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: srvweb01.prognatus.pt
Sending IP: 151.236.32.243
From: Enric Mata <e.matta@eternitytechnologies.es>
Subject: Factura de abril
Attachment: FACTURA ABRIL.rar (contains "FACTURA ABRIL.exe")

AgentTesla SMTP exfil server:
mail.segimar.es:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.49052.20349.10102.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 12:12:59 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
7 of 47 (14.89%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cywag3fjlem4hyiiqzyufpqtevu7lm2g72mn6sci3hgps26arj3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 162c036ca95919c3e108867142be132569f5b346fe98df4848d9ccf96bc08a76

(this sample)

AgentTesla

Executable exe 900bf6c4cdf55297d7b0a205bf3cc771763bd163cdea9351080fb01714f4fc7d

  
Dropping
MD5 355ef144068e962287ace0c6b449ea0f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 900bf6c4cdf55297d7b0a205bf3cc771763bd163cdea9351080fb01714f4fc7d

Comments