MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa09f216b16698da5a3595c43724d64972d86ca3d98474d259ae2b2bfc54dd93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa09f216b16698da5a3595c43724d64972d86ca3d98474d259ae2b2bfc54dd93
SHA3-384 hash: e160714c39310c6924e5ae130cc32b189fa5510835d346bd9816ae00ddba3b22e7671dfffce2df1a6522867b839f15d8
SHA1 hash: 8c1be043d60d1b85d1609c37bb7849073af9f290
MD5 hash: 2a0fb5e7bc005c1cf9016b5e7e467609
humanhash: spring-potato-north-bakerloo
File name:New Order _20201105.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:412'268 bytes
First seen:2020-05-11 14:31:44 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:zcQFPZeyUXTN9vIX78YC6Q0XlmZpOymmdivG5N2mfnb:zBPZeyOTzIX78t6Jgdiv4wgb
TLSH 239423E9854039F910D3F4930D6A3DD3EDD53CAB29FD1AA48220DDD7E8C486CDAA6853
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: out4-4.antispamcloud.com
Sending IP: 185.201.19.4
From: abhay.tiwari@shivaminfo.in
Subject: RE: NEW ORDER
Attachment: New Order _20201105.rar (contains "New Order _20201105.exe")

AgentTesla SMTP exfil server:
smtp.bodycarecreations.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 14:37:04 UTC
AV detection:
30 of 48 (62.50%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vie7efvrm2mnuwrvsxcdojgwjfznq3fd3gchjuszvyvsx7cu3wjq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar aa09f216b16698da5a3595c43724d64972d86ca3d98474d259ae2b2bfc54dd93

(this sample)

AgentTesla

Executable exe 4913739bc7baef729acd15547556868644ccced4276319e34222a91590da1708

  
Dropping
MD5 da7824db15cc46b597ccf54bb158f97b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4913739bc7baef729acd15547556868644ccced4276319e34222a91590da1708

Comments