MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3b01abe557c36bf27dfd04c532107634b048355eef06b04d0b85395d1847aed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b3b01abe557c36bf27dfd04c532107634b048355eef06b04d0b85395d1847aed
SHA3-384 hash: b12622d94c959b655f7f65c5d010e47c4c46035248df91e4f1bdf64a4874c12e9fef332442f0cec2c67637f2b36d15fa
SHA1 hash: 896314b3ca6113c5a8b24d75c9668370c54c7b93
MD5 hash: 10f7d7ec0615601b2bb0fd09325ebc3a
humanhash: april-king-uranus-juliet
File name:SCAN_06-07-2020_1051_0001.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:817'824 bytes
First seen:2020-07-06 08:17:58 UTC
Last seen:2020-07-06 09:02:31 UTC
File type: rar
MIME type:application/x-rar
ssdeep 24576:jTD+cTVkhg+jq6+/GXtP18dOQiAIC1rg10FVbrli2l:PD5Rkhg++R/GXdpQgCxzWy
TLSH 6005239BC527050820BF10B3EBB87C26B15D2993E556F5E0A61FD0529F6F10C8ABDE6C
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: www4.webmail.pair.com
Sending IP: 66.39.3.58
From: Alshima Aluminium <request@webmail.editage.com>
Subject: Request For Quotations - SCAN-06-07-2020-1051-0001
Attachment: SCAN_06-07-2020_1051_0001.rar (contains "PO#_06-07-2020_1051_0001.bat")

AgentTesla SMTP exfil server:
mail.gimpex-imerys.com:587

AgentTesla SMTP exfil email address:
purchase@gimpex-imerys.com

Intelligence

File Origin
# of uploads :
2
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b3b01abe557c36bf27dfd04c532107634b048355eef06b04d0b85395d1847aed/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-06 08:19:04 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=woybvpsvpq3l6j672bgfgiihmnfqja2v53ygwbgqxbjzlumeplwq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar b3b01abe557c36bf27dfd04c532107634b048355eef06b04d0b85395d1847aed

(this sample)

AgentTesla

Executable exe 20eeeac4b42b52839c639c01872dd44b739ddcda35db58fc5fd36aa7809d59fd

  
Dropping
MD5 3df0180fb48cc1f847031271214ce889
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 20eeeac4b42b52839c639c01872dd44b739ddcda35db58fc5fd36aa7809d59fd
  
Dropping
SHA256 cffb45e8c04fdc4018edff27e0156d6e30eb55c8bbc18e75aab7417a80ae8aaf
  
Dropping
MD5 93122163f42ebb1143b9d16cb3b89fc5

Comments