MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 466a375b7b5f601321673e24b128981c95e4e85dab932d79e8b48f9eae49def1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 466a375b7b5f601321673e24b128981c95e4e85dab932d79e8b48f9eae49def1
SHA3-384 hash: c3167bb9e14603b964f658017c601a5839dc96c2d43a4e9c34ad4274d2bef69bc31610e710af7b78e08e83c4ae26ea63
SHA1 hash: 02a61058a4a3599d464035274711bd9098d95083
MD5 hash: 42efb47d028b80700ae15d2a08857016
humanhash: blossom-failed-oscar-maryland
File name:JYFA020JY20012.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:850'511 bytes
First seen:2020-06-12 06:34:03 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:mKpS0MRDK84dtID/P9hMRlwkUgM2P3FOI19D:mmS0M1edsjaJ7MiZ9D
TLSH DE0533E04226419A9143A39BEFE400FE1ACD8D1893D224D45F5AFEF25D0DF9CF5B5868
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.bramadi.co.id
Sending IP: 116.90.165.77
From: beni.bastian@karyamasenergi.com
Subject: THE HOUSE SPECIFICATION JYFA020JY20012
Attachment: JYFA020JY20012.rar (contains "JYFA020JY2001.bat")

AgentTesla SMTP exfil server:
mail.chandrahardware.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-12 06:35:09 UTC
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=izvdow33l5qbgilhhyslckeydsk6j2c5vojs26piwshz5lsj33yq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 466a375b7b5f601321673e24b128981c95e4e85dab932d79e8b48f9eae49def1

(this sample)

AgentTesla

Executable exe 11faf0c766ae2157ada71192b7d6e19d2c375402f675e7c182ab09661605c9fa

  
Dropping
MD5 190a558bec5999fda81ef15930e43b86
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 11faf0c766ae2157ada71192b7d6e19d2c375402f675e7c182ab09661605c9fa

Comments