MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9ca1d2b514e14e28a07dc578de2077c610ee7d022420380e960a2ee03e38bfd5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9ca1d2b514e14e28a07dc578de2077c610ee7d022420380e960a2ee03e38bfd5
SHA3-384 hash: aa8df281a795b67658c65888ffe55b7d8a4ecb788a3f857f59f44369023a000dc656b3139157be08d77e10ffdfee4d69
SHA1 hash: 1a93e3f6b4b8c35729226b91e85aca3cbf7e4430
MD5 hash: 6fa7fc511174dcc8b6e396470f6dac41
humanhash: sixteen-dakota-princess-emma
File name:Order and Invoice.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:353'055 bytes
First seen:2020-05-27 08:06:53 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:u0BYdX7O1AkVE9EOy+kh4feEdWZcgFyDZtTfksbfe3PiTusJQCvo89btkJ5PNFaT:PE7QA39y+kNEducE6rA3Pg/JQSZUP7Vi
TLSH F47423FF5873FAED460CE4D46448CDF5DA7A77A58AF46588B0FA1938221010197F87E2
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: nasegypt.com
Sending IP: 37.49.230.36
From: Tonny Hai <ashraf@nasegypt.com>
Reply-To: Email ADMIN <noreply@domain-admin.com>
Subject: Re: Order
Attachment: Order and Invoice.rar (contains "Order and Invoice.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27502.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 08:37:11 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
16 of 31 (51.61%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 9ca1d2b514e14e28a07dc578de2077c610ee7d022420380e960a2ee03e38bfd5

(this sample)

AgentTesla

Executable exe f70e37d9c9380b978df1ccb8a67f644bb7d90174c420ff4b90beb61edb9e5f99

  
Dropping
MD5 313caf287b9a6b2d70c0e754345aca62
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f70e37d9c9380b978df1ccb8a67f644bb7d90174c420ff4b90beb61edb9e5f99

Comments