MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40a48007e9bc524140d372814fcd7e03cbb2edd0689d03b4efe91aeefe7b7acd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 2 File information 4 Yara Comments

SHA256 hash: 40a48007e9bc524140d372814fcd7e03cbb2edd0689d03b4efe91aeefe7b7acd
SHA3-384 hash: ef7d85d5c2f95afa4fb9014fd4bb968cbfdc18c811299db996e374f0fdc16a7409e7956a546e05db702ed65c4813a155
SHA1 hash: cf133f9a3a49567f3591734b250839043bd7d31d
MD5 hash: 17a7442de0c8ba25ceb7aaeb4a0c6610
humanhash: charlie-november-apart-saturn
File name:POs 097663899 NEW ORDER.r.rar
Download: download sample
Signature AgentTesla
File size:373'611 bytes
First seen:2020-06-30 13:36:24 UTC
Last seen:2020-07-01 02:02:37 UTC
File type: rar
MIME type:application/x-rar
ssdeep 6144:6iI1fZxuzBMuxanE1lL+94nmsfSjzqUfrn5scJfysAyEIb35aMFAsIkkCZAu2er9:KffuTxZ1J+94msafqUVscJfnms5aMibs
TLSH E08423BB36F2B0298080C4C74EBBAE31F35A5078348A7BB4D55F5081691E7D1E78679B
Reporter @abuse_ch
Tags:AgentTesla rar


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: pluscargoecuador.com
Sending IP: 103.99.1.149
From: Nishant Rajeev<grace.vaca@pluscargoecuador.com>
Subject: PO - RFQ # 097663899 NEW ORDER
Attachment: POs 097663899 NEW ORDER.r.rar (contains "POs 097663899 NEW ORDER.r.exe")

AgentTesla SMTP exfil server:
mail.parshavayealborz.com:587

Intelligence


Mail intelligence
Trap location Impact
IT Italy Low
Global High
# of uploads 2
# of downloads 34
Origin country FR FR
ClamAV No detection
CERT.PL MWDB Detection:n/a
Link: https://mwdb.cert.pl/sample/40a48007e9bc524140d372814fcd7e03cbb2edd0689d03b4efe91aeefe7b7acd/
ReversingLabs :Status:Malicious
Threat name:ByteCode-MSIL.Trojan.Kryptik
First seen:2020-06-30 13:38:05 UTC
AV detection:16 of 31 (51.61%)
Threat level:   5/5
Spamhaus Hash Blocklist :Malicious file
VirusTotal:Virustotal results 31.15%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 40a48007e9bc524140d372814fcd7e03cbb2edd0689d03b4efe91aeefe7b7acd

(this sample)

  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment

Comments