MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbea0766a204e0ab44be6e26f0a47e5f93cd6824e12800892981fe5b7e48356a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bbea0766a204e0ab44be6e26f0a47e5f93cd6824e12800892981fe5b7e48356a
SHA3-384 hash: 967c748e0bc294419f68e64c22f239e05038e7c8a69f5bb293311c8e897cab4f148b68a4c73c1c5746a44abd05183e49
SHA1 hash: ae92b2e23c923cbd18c6e977510ce7c537920b83
MD5 hash: 7cdf906073f2af9788a985c535712b20
humanhash: texas-sink-gee-indigo
File name:Albarn.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:397'808 bytes
First seen:2020-05-19 14:12:10 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:XDNH7xKa5eV1l5dB5KvwvzXGaztVinVxe7U64hDObYj4HQph252dPpV+6EAV:Xd7z5U9NRztViHd64BBR0Ke6Eu
TLSH 9D842317B94B68AE20CBD231F95F5007E91F8E84798C04A9D612414DAD10BEBEF6B3D9
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ibermedia.infortelecomhosting.com
Sending IP: 84.246.211.14
From: Josep Miguel <j.miguel@rosergroup.com>
Subject: solicitud de factura
Attachment: Albarn.rar (contains "factura.exe")

AgentTesla SMTP exfil server:
mail.solivera.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 14:37:18 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
14 of 48 (29.17%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xpvaozvcatqkwrf6nytpbjd6l6j422be4euabcjjqh7fw7sigvva._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar bbea0766a204e0ab44be6e26f0a47e5f93cd6824e12800892981fe5b7e48356a

(this sample)

AgentTesla

Executable exe 051b439b1e03b920fd501b80238f05ae19545e0aa253caee060c4f950c05512d

  
Dropping
MD5 0b6b4bf5b8743b193dfc8e7ac9ea37a3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 051b439b1e03b920fd501b80238f05ae19545e0aa253caee060c4f950c05512d

Comments