MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9cebca5047d6d122d14271cdafb9e9d5b2dbcc1bfa4f8c05d12a115738e393fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 9cebca5047d6d122d14271cdafb9e9d5b2dbcc1bfa4f8c05d12a115738e393fb
SHA3-384 hash: 0fa6a4699424b83f8cdaa48508ea1192e38bed9bc63284c84aacf3c55f1ce580724db93e029a493b251dac81a8c0b91b
SHA1 hash: b67cff65bdbeb75e3d4f1e60da6d09a0a177c0ee
MD5 hash: 5692028812c8be19b864cd75a0bf0f8b
humanhash: mobile-angel-mango-autumn
File name: profma.rar
Signature: AgentTesla
File size: 391'076 bytes
First seen: 2020-06-29 12:12:56 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:WvXoXqXFuYY6Z7IBN9dCTxVj8Thykur0QYWpE7V1Z4duapXd3u9p3GwVNwj6fgMr:oYQFu27CN9dQxVjk053YvV1wpXdur3zn
TLSH: 478423AC643EB77487A0E47C013959EEADB17153E75ECEDB241EC0ECA05C95FA0608E5
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing AgentTesla:

HELO: fre.freespirittours.ge
Sending IP: 192.254.140.61
From: executive@freespirittours.net
Subject: profoma
Attachment: profma.rar (contains "crypt.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-29 12:18:05 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    rar 9cebca5047d6d122d14271cdafb9e9d5b2dbcc1bfa4f8c05d12a115738e393fb (this sample)
      Dropping AgentTesla

Delivery method: Distributed via e-mail attachment

Comments