MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba3f294111b0c0e6d43a1d997ebdea1b224478100bb31951a90fd3c40094368f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	ba3f294111b0c0e6d43a1d997ebdea1b224478100bb31951a90fd3c40094368f
SHA3-384 hash:	f3850ec246fbfa3a4a0b3d6bac884d9571110fb5d982d7d5167fd2649b36a145eaaa7d58cd4385beec8436eb0c3dedf4
SHA1 hash:	dfe036104349124f13d14368375180d667178ab3
MD5 hash:	83bf776efcc054cf41b33c086330e4cc
humanhash:	jig-hamper-zebra-nineteen
File name:	DLR20-530 PO WH 5409- Umm Al Hayman EPC Project.pdf.lzh
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	713'787 bytes
First seen:	2020-12-20 12:08:35 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	12288:+bQ0zhZUXcksx3Mmef6GrvXDsppsmyKvshpgXuLQYJ4VmEXg8avArN+iM9/2l+AN:+Q6eX/sqf6OXDsX9shpgBHQ8avVF2lwA
TLSH	E1E423CD70ED003B78FF6652CD6AA59468F0F44215E81BF78F492412B1BAA2DB87C947
Reporter	abuse_ch
Tags:	AgentTesla lzh

abuse_ch

Malspam distributing AgentTesla:

HELO: park-mx.above.com
Sending IP: 103.224.212.34
From: Khalid Parkar - Alhasawi Group <khalid.parkar@alhasawi.com>
Subject: RE: Purchase Order for Umm Al Hayman EPC Project (2020- 12- 233,230)
Attachment: DLR20-530 PO WH 5409- Umm Al Hayman EPC Project.pdf.lzh (contains "Purchase Order & DWG data sheet Compliance form PO WH 5409.exe")

AgentTesla SMTP exfil server:
mail.jk-peru.com:587

AgentTesla SMTP exfil email address:
johnmuller1922@gmail.com