MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e29e713513327d33ae63e1328968b97c866d4331a0df0558fdf0e27f2d65365. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8e29e713513327d33ae63e1328968b97c866d4331a0df0558fdf0e27f2d65365
SHA3-384 hash: 0931dd2fbc246f4014938014f2233893609afcc00272a7f34661f57d9946c609411913e7daffb26516ae4330b08e855e
SHA1 hash: 0f9700283917c94f5d04ff03cbcd42a436fbb950
MD5 hash: 1916cf233e9c844ab28b7a50744c3866
humanhash: sierra-georgia-xray-johnny
File name:NEW ORDER NO 24344 _PDF.r02
Download: download sample
Signature AgentTesla
Create hunting rule
File size:412'462 bytes
First seen:2020-05-13 10:15:39 UTC
Last seen:Never
File type: r02
MIME type:application/x-rar
ssdeep 6144:rYRfRRgUb/3WrsWdrLb1eM4ItwI7QEkevI6ljxoUSYGPkMr0S4D8tXMZPEjkpZSi:U1ggGRRV+I7JvIeWPHCOXMhzpALBnmb
TLSH E5942340E263D873BF940D4AEFE61E566E61F18DE9C0B29E0143370C2556BB385A52FD
Reporter abuse_ch
Tags:AgentTesla r02


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: linuxplesk5.openhost.net.nz
Sending IP: 112.109.81.163
From: Alejandro Ferreyra <chutima@dextragroup.com>
Subject: RE: Request for Proforma Invoice
Attachment: NEW ORDER NO 24344 _PDF.r02 (contains "NEW ORDER NO 24344 _PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27271.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 10:36:49 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ryu6oe2rgmt5goxghyjsrfuls7egnvbtdig7avmp34hcp4wwknsq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r02 8e29e713513327d33ae63e1328968b97c866d4331a0df0558fdf0e27f2d65365

(this sample)

AgentTesla

Executable exe fe9ff97639cd33c6204a731b688b9fea1bd1a9df0c539717ae80816828edb600

  
Dropping
MD5 0c74b0a1228f789543ec8663f4624281
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fe9ff97639cd33c6204a731b688b9fea1bd1a9df0c539717ae80816828edb600

Comments