MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b288638f3567a5a6964e8d0497eb1d5f18c248033b2b1151a667472a8f2ed1c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b288638f3567a5a6964e8d0497eb1d5f18c248033b2b1151a667472a8f2ed1c6
SHA3-384 hash: 14f7bc45d95941efe004236dc52b140c1de393e633dcdec21729a0a2daea59b2c81ede13435ea19767d8c36fcf1b933f
SHA1 hash: 326bb197596ff1e81ecacc1046cd957b87dc765b
MD5 hash: 5d424409a096c042b2b957959d5fceb5
humanhash: may-kansas-september-bravo
File name:FACTURA 202915 MODIFICADA.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:386'677 bytes
First seen:2020-05-19 14:25:03 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:Z/3ahFqei/+hu+1bDilwiHNs8RNbKi9DlMl0NBl4EOeNG3Xe2KBblLJ7h9A4oEEJ:Z/iFq7/+u+1bOZ7qiT1vOeNG+dBblLJY
TLSH 7984238B7361C761E3B5666F94E0390CDCEEA070886E0519B966B3664235837C7FCB17
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: vxsys-smtpclusterma-02.srv.cat
Sending IP: 46.16.61.68
From: Juan Ramírez Díaz <j.ramirez@futunablue.com>
Subject: Justificante de transferencia
Attachment: FACTURA 202915 MODIFICADA.rar (contains "FACTURA 202915 MODIFICADA.exe")

AgentTesla SMTP exfil server:
mail.xb-hairstyle.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 14:37:15 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wkeghdzvm6s2nfsorucjp2y5l4mmesadhmvrcungm5dsvdzo2hda._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar b288638f3567a5a6964e8d0497eb1d5f18c248033b2b1151a667472a8f2ed1c6

(this sample)

AgentTesla

Executable exe 361e9e5f21e1dad4168133ab9cb14e515e258312bda1db451175ea04de3ebdbf

  
Dropping
MD5 986cdda13dc5f75418e755b52e40d4db
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 361e9e5f21e1dad4168133ab9cb14e515e258312bda1db451175ea04de3ebdbf

Comments