MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 72e369cbc4075a128de58a692645f78255cf2cb6fe30be2b8266cd8e1daed8cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 72e369cbc4075a128de58a692645f78255cf2cb6fe30be2b8266cd8e1daed8cf
SHA3-384 hash: f7648bad4d28612cf261fc5e228c10519b2945591a350612b9c0a42cb394b80600451f7fbcf0862777b91a91e222bb67
SHA1 hash: 43683af1c90cf54ee4352f846adb47c807226981
MD5 hash: 84ff62a03626982347d7d6cacbcd9b61
humanhash: red-nitrogen-hawaii-alaska
File name:shipment notice.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:384'832 bytes
First seen:2020-05-11 14:29:12 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:Rk6c4o4VzFyw95dd5OamiLTQr9FNWUhyPgzQTcc7K/IEW2GYwgoZATjxSYRG+jtv:Rk6n+i389FNWUhy4zQQVFhGYwvAT9vYs
TLSH 9984233E818F5ED18FCB4B169E8CF1E31095133DEAA8AD23D4CBAB29164E55C1C5A207
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: box.javedgroup.xyz
Sending IP: 138.68.249.252
From: Freight Export <info@starfoxsecu.com>
Subject: BL copy & Notice of Shipment
Attachment: shipment notice.rar (contains "ark.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 14:37:02 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=olrwts6ea5nbfdpfrjusmrpxqjk46lfw7yyl4k4cm3gy4hno3dhq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 72e369cbc4075a128de58a692645f78255cf2cb6fe30be2b8266cd8e1daed8cf

(this sample)

AgentTesla

Executable exe cc755c59e27a7d6396e421c7e8365d250d615c10db82b3cf382323289f915e16

  
Dropping
MD5 d979ba137249f6a4db0b7be2f17b23ee
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cc755c59e27a7d6396e421c7e8365d250d615c10db82b3cf382323289f915e16

Comments