MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24b2b9b5a502fd40ec43e02114e1067383b878526e3d9e5e7ec6a94ec80a21e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 24b2b9b5a502fd40ec43e02114e1067383b878526e3d9e5e7ec6a94ec80a21e6
SHA3-384 hash: 5fcbe0cfe255bce030a6b119762a966305cdfba3dd56b98fcef05bc2d96b474a332bdfa96874f9403154ae3c4fb2ee96
SHA1 hash: 50d6307201288ac962cdaca673d438f67ad9ece2
MD5 hash: d8bca71460893625f4dddf865bf53c40
humanhash: magnesium-video-mango-harry
File name:Shipping Details_PDF.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:389'549 bytes
First seen:2020-04-21 06:40:31 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:ZHFROsql1vcQwNxFAAM5bgD0jK2/8gGMRcOt+GMetzn9lxLUFNkX6yS11MO:XRCbvc5TMFgD0jKT7GNRrLUFd5l
TLSH B5842362F2276DB0ABE42D21F454E448ACDECF43B31D429AC976F3417D0A61A33B0E58
Reporter cocaman
Tags:AgentTesla rar


Avatar
cocaman
Malicious email
From: TNT EXPRESS WORLDWIDE <service@tnt.com>
Received: from pkz42-4-spamexpert2.hoster.kz (pkz42-4-spamexpert2.hoster.kz [185.113.132.33])
Date: Tue, 21 Apr 2020 02:42:25 +0100
Subject: TNT Delivery Notification: Confirm Your Shipment

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27271.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-21 02:20:14 UTC
File Type:
Binary (Archive)
Extracted files:
3
AV detection:
18 of 31 (58.06%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eszltnnfal6ub3cd4aqrjyigoob3q6csny6z4xt6y2uu5sakehta._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 24b2b9b5a502fd40ec43e02114e1067383b878526e3d9e5e7ec6a94ec80a21e6

(this sample)

AgentTesla

Executable exe 5d4a0b8b4924e2095d4f5a9a222c373544f51ab56b52d0f02b468bd9a6dd1672

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5d4a0b8b4924e2095d4f5a9a222c373544f51ab56b52d0f02b468bd9a6dd1672

Comments