MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78d4b13f07ccec0ea4f09899944f8e1a4ea399a1573b152ab184b212e3e35f72. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: 78d4b13f07ccec0ea4f09899944f8e1a4ea399a1573b152ab184b212e3e35f72
SHA3-384 hash: a0e1f89de963171f81c0075d2011e3354ff16b4eab41ef129fc5be0d12e52d4749b6d54b51f0f6d46672d527e03fe7c0
SHA1 hash: 9443caac0b07768273f0a5d284d532fcb776c471
MD5 hash: b846f3f85e24ef918e863096f110feb8
humanhash: asparagus-bravo-massachusetts-red
File name: CI 20240018 PO 871122.arj
Signature: AgentTesla
File size: 401'100 bytes
First seen: 2020-06-11 06:09:59 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 12288:E8oLa6We2Zk90QAACjajIDLxQw1btxAxBr7eZeTB6+:QW++C9CWjiLxHRtxBe5
TLSH: 428423DB194499649B4BCBF4F9014484E2E2C82723C81A7D52B4E61BFF58F8EEF9E054
Reporter: abuse_ch
Tags: AgentTesla arj


Comment by abuse_ch:
Malspam distributing AgentTesla:

From: Ahmed Mahmoud/CEO <ceo@mhrc-bd.com>
Subject: AW: Shipping documents // CI # 2024000018 // PO # 001122
Attachment: CI 20240018 PO 871122.arj (contains "CI # 20240018 &PO # 871122.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-11 05:19:06 UTC
AV detection: 18 of 31 (58.06%)
Threat level: 5/5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
  arj 78d4b13f07ccec0ea4f09899944f8e1a4ea399a1573b152ab184b212e3e35f72 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments