MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a90ace66c2a0e5e9cc44e2f426ea167220cdd57d053a9adb3fdea4b990dbd3e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a90ace66c2a0e5e9cc44e2f426ea167220cdd57d053a9adb3fdea4b990dbd3e0
SHA3-384 hash: 1f751b653751d4e356d65c0d9cfd4ac032704d0cf69fcec004e35a238cf0fd9eb6622b2069c4db96da29254fea14b3cb
SHA1 hash: 34d1e35e0358bc0a39f7887d550b67981ac2d10c
MD5 hash: 223f13383a08a2d286e9d78dc7534270
humanhash: ink-early-eight-mars
File name:PO437322229.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:426'416 bytes
First seen:2020-05-27 12:00:00 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:An56vAMqGe4S4Bp6hrFqX9+LlN+jLPAGuETXa71Ik8Rm+:xeCkhkXClABuWXar8D
TLSH FA942363B2CC5B0047F1F1539B0BF9CE59269AA22760D23AB316E28E6C47D26FB41D45
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: tuna.dnsracks.com
Sending IP: 108.178.51.229
From: ethics committee <ethicscommittee@sdmh.in>
Reply-To: ethicscommittee@sdmh.in
Subject: RE: URGENT PO FOR AD2428WCCSZ-RL,DS26LS32MJ/883 PO#437322229
Attachment: PO437322229.rar (contains "PO#437322229.exe")

AgentTesla SMTP exfil server:
mail.unalanguvenlik.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27363.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 12:37:21 UTC
File Type:
Binary (Archive)
Extracted files:
22
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar a90ace66c2a0e5e9cc44e2f426ea167220cdd57d053a9adb3fdea4b990dbd3e0

(this sample)

AgentTesla

Executable exe 4ba8684ea84572cf8173538b85cf9442b263c20a1ae8f7acac4212f4ddef237b

  
Dropping
MD5 6585554259905a40d353cf186e4213cf
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4ba8684ea84572cf8173538b85cf9442b263c20a1ae8f7acac4212f4ddef237b

Comments