MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40dd02a1c74b1082e1cb3ecd80fe35447f2572c0dd18155b26601659fe3a59a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3

SHA256 hash: 40dd02a1c74b1082e1cb3ecd80fe35447f2572c0dd18155b26601659fe3a59a2
SHA3-384 hash: e99b0060929e97eb3238bbf11883117d502bb029961e1e0eaf7bf7555f18b609797e49bb0ca9612ac918b9358fb0bd14
SHA1 hash: ce3803e25114bc9d567ec7b06ddde62c67dfa2af
MD5 hash: 3d35c994b44adcde90d2cca592c416a7
humanhash: cardinal-summer-india-early
File name: RFQ- PT MULYA MANDIRI NEW ORDER PO 02.27.20.doc.rar
Signature: AgentTesla
File size: 2'069'895 bytes
First seen: 2020-06-21 06:53:53 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 49152:s8uBaa8ydAR39rN7gPmuV7wRM3xjg39vzEjAZBkaDk//j7Jz+ENa:s8w8ydsB7gPV7VChEjA3pDkfJFNa
TLSH: 52A533248027BF65C4B720B089586E34A8151B2BDDA5F2FE48D1AF72F35598F87F0A34
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing AgentTesla:

HELO: polystar-china.com
Sending IP: 103.99.1.149
From: Fiona<zhujin.tong@polystar-china.com>
Subject: RE: RFQ- PURCHASE ORDER 1x20 FCL SHIPMENT CIF TIANJIN FOR PT MULYA MANDIRI JAYA
Attachment: RFQ- PT MULYA MANDIRI NEW ORDER PO 02.27.20.doc.rar (contains "RFQ- PT MULYA MANDIRI NEW ORDER PO 02.27.20.doc.exe")

AgentTesla SMTP exfil server:
mail.parshavayealborz.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-21 06:54:05 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
rar 40dd02a1c74b1082e1cb3ecd80fe35447f2572c0dd18155b26601659fe3a59a2 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment