MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3bb2ae240b1d0a8b5096886287339169e866b5dc86edd7f4bf94d1c7a66583c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a3bb2ae240b1d0a8b5096886287339169e866b5dc86edd7f4bf94d1c7a66583c
SHA3-384 hash: a3746f13ec8dfa4ea709143831aa690d6f126a8c224d6545cbf0c6bc7fb71c449b35ae955970e0bf9dfc85bec345067a
SHA1 hash: 76fd2fe772ed11538047494625745920b3e98b68
MD5 hash: 90274912994e83bd8caad0508975c58f
humanhash: happy-chicken-colorado-nine
File name:PWLG-G7KF322S_2020.arj
Download: download sample
Signature AgentTesla
Create hunting rule
File size:275'622 bytes
First seen:2020-05-26 09:24:35 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 6144:IHttbREdA79uwVFECBg/tMOFTn0yfFQ1RlFJzLN:Irb6dAJuEFw/tZFQsQHvZLN
TLSH 8844232A1B35E0A8C7775EE88F37046A20D5BB75952E874FE3E988794CE513907F104C
Reporter abuse_ch
Tags:AgentTesla arj


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: serve0.nugraha.pw
Sending IP: 198.148.118.237
From: Clara Lin <info@nugraha.pw>
Reply-To: kate.wang@aus-home.com
Subject: Re: Resend Quotation PWLG-G7KF322S_2020
Attachment: PWLG-G7KF322S_2020.arj (contains "PWLG-G7KF322S_2020.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 09:37:12 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

arj a3bb2ae240b1d0a8b5096886287339169e866b5dc86edd7f4bf94d1c7a66583c

(this sample)

AgentTesla

Executable exe 775b8898cd9e81c13e9602412bf958020123c83086caad6b644a866037d331ea

  
Dropping
MD5 7932cd1434d18388d1ad54da051d36e9
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 775b8898cd9e81c13e9602412bf958020123c83086caad6b644a866037d331ea

Comments