MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e63a954090c9566e104a540127ad1a35b04fbdc56214846e005971c4964466c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1e63a954090c9566e104a540127ad1a35b04fbdc56214846e005971c4964466c
SHA3-384 hash: 4882f8c5afe1e715a2c3d4f980714bf1660a53218548a1006ddb8079c12e8e441452d05e6bdbcaa830ee0c26171204bf
SHA1 hash: a19b3d743435cbd641d0f8ab41a7635d759133b1
MD5 hash: 19498aa7ef9743a3a4636481ad5467cb
humanhash: lamp-bravo-alabama-jersey
File name:Inquiry Order CZ-130520.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:459'961 bytes
First seen:2020-05-14 06:24:18 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:y+raeLrfHpkKMKWEjECj3wkO1Fgot5r/izjCzvfsyl:1LrPCvEf3wkObgax/izynjl
TLSH FAA42394EC57C16520DA786AF892F21C72753F71C7B3EA5BA0E3880A7CD99369464CF0
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mx79.dns.com.cn
Sending IP: 180.76.192.79
From: Sandip Saluza <formin@formin.com.cn>
Subject: Inquiry Order CZ-130520
Attachment: Inquiry Order CZ-130520.rar (contains "Inquiry Order CZ-130520.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-14 06:36:58 UTC
File Type:
Binary (Archive)
Extracted files:
11
AV detection:
19 of 48 (39.58%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dzr2svajbskwnyieuvabe6wrunnqj664kyquqrxaawlrysleizwa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 1e63a954090c9566e104a540127ad1a35b04fbdc56214846e005971c4964466c

(this sample)

AgentTesla

Executable exe 89bd696df7073c78ebc27a60c79728b782ca27d1d82abc8b0d5aafea1d1d61d3

  
Dropping
MD5 fb764d634c50fef39fe35f309d44761b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 89bd696df7073c78ebc27a60c79728b782ca27d1d82abc8b0d5aafea1d1d61d3

Comments