MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19d0ce8ae8ddd18d99a1c3c0e8b551f074d343c2b87e2aa36a5365bb2ab95496. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 19d0ce8ae8ddd18d99a1c3c0e8b551f074d343c2b87e2aa36a5365bb2ab95496
SHA3-384 hash: 93820f89dda4b9deafe77a2be2d92ae35f394164037572a540ed033360a839874f886df453bc3553f4936e2732f76d90
SHA1 hash: bb7ef2a2f2d3633d1b665cec17f8280d37d28980
MD5 hash: 39deefa4f92cc847901e814d3a571a8f
humanhash: two-sink-jersey-queen
File name:Order 78469.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:421'835 bytes
First seen:2020-05-11 14:37:07 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:Q+hvFqoBlRdFO+hoEE43hWY1vTj2KKavEAoi8QX1hNuE2Zrm/tUl+u4dPPcPnUoM:Q8qo19hT3hW4Tjl4QX1fujZtn4dHccWq
TLSH 3694239D843D933F6244E09DD92F80C444863DD9C6562C20B0AFF7692DBD859887BFBA
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: smtp78.iad3a.emailsrvr.com
Sending IP: 173.203.187.78
From: TEJAS M. SHAH <tms@narayanpowertech.com>
Reply-To: tms@narayanpowertech.com
Subject: Quote
Attachment: Order 78469.rar (contains "Order 78469.exe")

AgentTesla SMTP exfil server:
mail.head2hire.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 01:48:04 UTC
AV detection:
29 of 48 (60.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dhim5cxi3xiy3gnbypaornkr6b2ngq6cxb7cvi3kkns3wkvzksla._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 19d0ce8ae8ddd18d99a1c3c0e8b551f074d343c2b87e2aa36a5365bb2ab95496

(this sample)

AgentTesla

Executable exe ff5e8952205e070d7f8beed5b6da7a249229d02c0bf5694701ddbf6cec5ec3ef

  
Dropping
MD5 780cca2ffd2ee8b9701515ad4b3d110c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ff5e8952205e070d7f8beed5b6da7a249229d02c0bf5694701ddbf6cec5ec3ef

Comments