MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 340fa5b139879b842bc18118afd2cf2abc1cc3cb2648845621f80a0f29ef6e2d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 340fa5b139879b842bc18118afd2cf2abc1cc3cb2648845621f80a0f29ef6e2d
SHA3-384 hash: c8236c5c0ec5e951b5bf26f7ed61ecdc8bc07cb2023263d42b3cca58b7fb638200466d079830b7a62ae67d42f920dec8
SHA1 hash: dc6c31d9df26e4b46aae14f4c41972317ce28c3c
MD5 hash: 55c053bcd84b313de52647e2dc870244
humanhash: missouri-venus-berlin-happy
File name:Purchase Order_PDF.cab
Download: download sample
Signature AgentTesla
Create hunting rule
File size:360'703 bytes
First seen:2020-05-11 09:25:56 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 6144:scWfYWYwa6ZJe4r+kG40crFTV2r9nV87Bv+YNWxS4XeT8yEfSNVWq/uxy/Q:FkYWnZdGTCXks5NWxwrz/Sy/Q
TLSH AD742379646ACF2BBEF23F7C8BAF7C373524DE9AA7A6086F52D35508118C2226570114
Reporter abuse_ch
Tags:AgentTesla cab


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: [209.58.149.66]
Sending IP: 209.58.149.66
From: Jijo Joseph <sumant.k@indiaelec.com.sg>
Subject: April Quotation Request (RFQ)
Attachment: Purchase Order_PDF.cab (contains "Purchase Order_PDF.exe")

AgentTesla SMTP exfil server:
smtpout.asia.secureserver.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject3.39830.9210.6092.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 09:36:21 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
20 of 31 (64.52%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gqh2lmjzq6nyik6bqemk7uwpfk6bzq6lezeiivrb7afa6kppnywq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

cab 340fa5b139879b842bc18118afd2cf2abc1cc3cb2648845621f80a0f29ef6e2d

(this sample)

AgentTesla

Executable exe 4eab3bceb0ca4865e6512e1a69e899868f30ce0550bfacf9ffe0ef42364a70af

  
Dropping
MD5 a2d432cd6919958e7cec63d62bf7be1c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4eab3bceb0ca4865e6512e1a69e899868f30ce0550bfacf9ffe0ef42364a70af

Comments