MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3afde9f48b72322a984056955836c5f617846478fd60d4dd7f7827ff44eb80e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3afde9f48b72322a984056955836c5f617846478fd60d4dd7f7827ff44eb80e1
SHA3-384 hash: 0696d3d1d2a9a39395f473dba5c18f28dd36eee7d5ec01c1beaeff8e3b657577e6c96842dc240f91ff79360514a4d549
SHA1 hash: ab769bb9ab83ddfb9c3af1b57789f9f681eab148
MD5 hash: 5e3bc63c70fc76516a5052de0d2ca71e
humanhash: eight-fish-bulldog-bakerloo
File name:Order_List IMGS.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:263'262 bytes
First seen:2020-05-01 14:47:48 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:ww5XQKDLI5XAgBQ0fD4xEzbs5KP8WmdWy:ww5XPI5XHQ0fDyE3s8P8WM
TLSH A0442327538FDCC7DB30CE39A497B772A2A4055AF55226D29DB96088DEBC7C4B4C1883
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mcegress-7-lw-139.correio.biz
Sending IP: 191.252.7.139
From: marcos@futurando.com.br
Subject: Re: Quote Futurar Global
Attachment: Order_List IMGS.rar (contains "Order_List & IMGS.exe")

AgentTesla SMTP exfil server:
smtp.pcrnoghuang.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 15:36:05 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hl66t5eloizcvgcak2kvqnwf6ylyizdy7vqnjxl7pat76rhlqdqq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 3afde9f48b72322a984056955836c5f617846478fd60d4dd7f7827ff44eb80e1

(this sample)

AgentTesla

Executable exe 9521eb835f0b665867fd29206eca9c18df194cf8ce011ae04489f867c3db730b

  
Dropping
MD5 5d55f265a80617940d823429dc4f715a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9521eb835f0b665867fd29206eca9c18df194cf8ce011ae04489f867c3db730b

Comments