MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19c7a872bb1f647c7460ffee9eef38fe244d6e83301324890aa8b17b1fd1aa46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 19c7a872bb1f647c7460ffee9eef38fe244d6e83301324890aa8b17b1fd1aa46
SHA3-384 hash: 6d99e7ea6b70d74440c54ef9d34a40afc85394e38d30c1da4dfca9f70624bae5cfce191b9a8cec3a07b163aace06d248
SHA1 hash: 0626e0f28f758dd6dba2102d262a01cb94fbcd03
MD5 hash: 9bd5fa08ed4d7a9e7d87efdc30e8476f
humanhash: red-potato-artist-florida
File name:Pallex ITALY_74648 PO.doc.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:477'174 bytes
First seen:2020-06-02 08:37:23 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:K3/6ZPK3MLi5Gd5my737At9FOikECLFOv0sxosVJ9:U4WZ54T7AlOFLYcih
TLSH 6DA42392A05A30A58838878DBCD2BD567F14048FD9E33AC37797D547EAA42873C58BF1
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: zimbra207.megavelocity.net
Sending IP: 192.206.6.182
From: Alejandro-Pallex ITALY <sandeep.kumar@budget1.in>
Reply-To: Alejandro-Pallex ITALY <pallex@italymail.com>
Subject: Re: inquiry - PO QX 3746_ITALY..
Attachment: Pallex ITALY_74648 PO.doc.rar (contains "Pallex ITALY_74648 PO.doc.exe")

AgentTesla SMTP exfil server:
premium57.web-hosting.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27215.RarHeur.nocdb.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 09:36:10 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dhd2q4v3d5shy5da77xj53zy7yse23udgajsjcikvcyxwh6rvjda._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 19c7a872bb1f647c7460ffee9eef38fe244d6e83301324890aa8b17b1fd1aa46

(this sample)

AgentTesla

Executable exe e4a2f0fc57afb3f08bc128e0653b8c8d82651cf292687a89e9b7cad50b801376

  
Dropping
MD5 64de41cb17473ccee7ed0f6605a49014
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e4a2f0fc57afb3f08bc128e0653b8c8d82651cf292687a89e9b7cad50b801376

Comments