MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45b371bbff9c525a1e594ddb1b2658dd03906d3f45100a46cd3a3c50180a24e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 45b371bbff9c525a1e594ddb1b2658dd03906d3f45100a46cd3a3c50180a24e8
SHA3-384 hash: 8a12df65d5e5e6f7e84616aebd45e836e20f2d554164584b2eab435b63f957554a3f7e9a1a2e8d8b8e850d6b67df3dce
SHA1 hash: a74cd22477e2c280652b4840630cd0a23d27be23
MD5 hash: 6653111dbd274486e2c71199da1b8535
humanhash: grey-jersey-table-finch
File name:BrandDistributionGroup_BDGRequest9606896.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:383'675 bytes
First seen:2020-05-28 05:20:22 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:C1w0EXuKidTD1DY2eO0iPJflAZIzSnUvCpHgWhOZnA61NlpIO7aCu1zaU3hG:kw0EXYlfaZIzYUapAWhkD1NfaCCaUxG
TLSH 4A8423F936B9A0CCDB9BDFF91A075DB7C8EC0C6102112257AAF4B1792D11A041BA24BD
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: outboundmx-05.angani.co
Sending IP: 62.12.115.74
From: Malgorzata Winolowicz <export9@angani.co>
Subject: Request for Offer Clarification
Attachment: BrandDistributionGroup_BDGRequest9606896.rar (contains "BrandDistributionGroup_BDGRequest9606896.exe")

AgentTesla SMTP exfil server:
mail.fsicibd.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 05:36:30 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
25 of 48 (52.08%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 45b371bbff9c525a1e594ddb1b2658dd03906d3f45100a46cd3a3c50180a24e8

(this sample)

AgentTesla

Executable exe 03ae223cd798671ce83cb8b8e660c06a4b9e6357ba78882ad5977e11ae8c298c

  
Dropping
MD5 5a2758b2221e48478f1eee431aaac7ac
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 03ae223cd798671ce83cb8b8e660c06a4b9e6357ba78882ad5977e11ae8c298c

Comments