MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d9d7ca207a922cb738b05ba28e8cc471d81e826d54dd0e35b74e1a826379f69. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9d9d7ca207a922cb738b05ba28e8cc471d81e826d54dd0e35b74e1a826379f69
SHA3-384 hash: 8c43fb06db4caa03680a2b4d2e2d6c5a214d0d2c4386027eed15d99e23a7142788130f03344a72a6fa928e0be7c8d206
SHA1 hash: 38b2415fa86bbfda429a2e5a461bca520e7ed153
MD5 hash: 5b23036fab0397274bd9c4dfb96c44fc
humanhash: network-aspen-wolfram-maine
File name:payment Bid Contract form C2.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'714'686 bytes
First seen:2020-05-07 11:01:21 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 49152:nWyBaqc7MPFdAKv9BA62WyBaqc7MPFdAKv9BA6J:vwPeFCKVB6wPeFCKVB3
TLSH 6185337576FE4D1AB8582BE89B9C8B843076C9E226235F9B837B03B5CCC5C45C9057E8
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: deliveryinfomails.com
Sending IP: 69.195.145.138
From: sales@deliveryinfomails.com
Subject: Fw: Aw: Bid of payment & Contract form C2
Attachment: payment Bid Contract form C2.rar (contains "Contract form C2.exe")

AgentTesla SMTP exfil server:
mapi.diplemailsrvr.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-07 11:35:47 UTC
File Type:
Binary (Archive)
Extracted files:
40
AV detection:
22 of 48 (45.83%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=twoxziqhvermw44law5cr2gmi4oyd2bg2vg5by23otq2qjrxt5uq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 9d9d7ca207a922cb738b05ba28e8cc471d81e826d54dd0e35b74e1a826379f69

(this sample)

AgentTesla

Executable exe 5e5d665f261aacccd45ce0cdeb9c09190918eca48adf692919446bf5a2b8b2ba

  
Dropping
MD5 61cd9cf4bdb92c7b87610c6ca3bbb9f2
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5e5d665f261aacccd45ce0cdeb9c09190918eca48adf692919446bf5a2b8b2ba

Comments