MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b86ba0446cb8fe5dcdcbfb0deb0cfb07eb6bd14021156eadd23c0b6f4bbb87a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b86ba0446cb8fe5dcdcbfb0deb0cfb07eb6bd14021156eadd23c0b6f4bbb87a8
SHA3-384 hash: 18e2ae8910b67ee179dd6940b9f6d29bfd9daf486967e8a004aebc31aa35c1562f4bdba3d02fb2d2c91366a615631b58
SHA1 hash: dc73828590eff5fde960de8e044a8cd24aae7d7a
MD5 hash: 1f642f1232e9ef91740b011704addf9c
humanhash: equal-venus-undress-golf
File name:Purchase order.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:277'363 bytes
First seen:2020-04-29 16:33:29 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:I3IdVmT7G5qVlEdesJlQcHd/qjtSB33Un7M/8t6mY0PQEUiqzYR/YLU:IgC7oVv9ijteHL2qzYyLU
TLSH A64423BCF4DE9B89003AAF56AB4AD31D3A3EFAA01749573033D6ECC5850B557128D1B2
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gateway5.unifiedlayer.com
Sending IP: 74.220.211.130
From: Foreign Purchase <abubakar@dawoodtex.com>
Subject: Purchase order nos 2020035 & 2020035B
Attachment: Purchase order.rar (contains "nnn.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.EIJN.25442.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 16:35:26 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xbv2ardmxd7f3tol7mg6wdh3a7vwxukaeekw5loshqfw6s53q6ua._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar b86ba0446cb8fe5dcdcbfb0deb0cfb07eb6bd14021156eadd23c0b6f4bbb87a8

(this sample)

AgentTesla

Executable exe 4817485767f8064b867db9045b6f5de51393e4d41547e8e0fbf454de9c2910f6

  
Dropping
MD5 a496a7cdabc7f081bfb3f668ed9834ee
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4817485767f8064b867db9045b6f5de51393e4d41547e8e0fbf454de9c2910f6

Comments