MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75e98f3704409ee464dca29e4783a1c5d5a54c076164fae722a8caa950ca8afc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 75e98f3704409ee464dca29e4783a1c5d5a54c076164fae722a8caa950ca8afc
SHA3-384 hash: ae71fbf1ccdaf061477b0f6d1bec7f5261c84a1b55c22e8410f056ce1dd229b86e9ba900d83afdd168eea2142909e2ce
SHA1 hash: 2e0b19bb886521aecfc064862e8eea775f62c879
MD5 hash: e2f8b51ff5c43fc0c84f18173f75f543
humanhash: bravo-ceiling-cat-angel
File name:Q88.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:448'002 bytes
First seen:2020-05-25 12:58:47 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:hQociKnO25rDZO4zYcd2wbx2/j09w474N6nfP56rb2t42o:hQbHnO2hAcQaiQ9Zv326O/
TLSH D394236C0A97DBD0D9765A2C50EB2AADD7EF80EE840875763B4B4C90B3419BEF118437
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail0.503.drienimeoni.casa
Sending IP: 167.71.228.228
From: Direct Fuel Marine <info@directfuelmarine.com>
Subject: RE: M/T PEGAS, Ulsan EPDA CALCULATION
Attachment: Q88.rar (contains "Q88.exe")

AgentTesla SMTP exfil server:
mail.kalatecnic.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 13:36:56 UTC
File Type:
Binary (Archive)
Extracted files:
26
AV detection:
16 of 30 (53.33%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 75e98f3704409ee464dca29e4783a1c5d5a54c076164fae722a8caa950ca8afc

(this sample)

AgentTesla

Executable exe d5f7c7d07ee10734d592c1720f159495d761473ef8859dd0dfa92e8c2d68905e

  
Dropping
MD5 f04d2ebdfe1170ea484f19096301d748
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d5f7c7d07ee10734d592c1720f159495d761473ef8859dd0dfa92e8c2d68905e

Comments