MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc99ff99d345cb5e5c34c5db288fcc8ae4f992803e5f1c94d0619679f162a7fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bc99ff99d345cb5e5c34c5db288fcc8ae4f992803e5f1c94d0619679f162a7fa
SHA3-384 hash: 33d737b7d350c87d87aac542502b2c40230fa8947949ab63a63d7e5e3d81d1d60f346487e04dda3a63c7263c85b6e35f
SHA1 hash: bffa83aec5504dd582abeb005138edba5848ddd9
MD5 hash: d866b8162503ea20a6e2a019f9ed1964
humanhash: equal-nebraska-undress-mockingbird
File name:DHL_Confirmation_CBJ190517000131RMs.arj
Download: download sample
Signature AgentTesla
Create hunting rule
File size:448'404 bytes
First seen:2020-05-26 09:56:04 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 6144:+5WJYHgrjteET6iqXSJutpdUjFcNkpkYtSrUFXM6zLgvUHL4/+YNFB7s3Iph:+5tHgl7TsSJaMZMVgtg8HL4mY5Ik
TLSH C9942338684B9D1221F7BFDA1D5D92650D8D5A90FC2F1D72120CB6E7E28DE6474B1331
Reporter abuse_ch
Tags:AgentTesla arj


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: anchorai.pw
Sending IP: 173.82.243.236
From: DHL <info@anchorai.pw>
Subject: Confirmation CBJ190517000131
Attachment: DHL_Confirmation_CBJ190517000131RMs.arj (contains "DHL_Confirmation_CBJ190517000131RMs.exe")

AgentTesla SMTP exfil server:
smtp.homecares-tw.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 10:36:57 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
14 of 30 (46.67%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

arj bc99ff99d345cb5e5c34c5db288fcc8ae4f992803e5f1c94d0619679f162a7fa

(this sample)

AgentTesla

Executable exe 51837e07f216a7af44fbabf5a9e0b91dcbc2dfd3c3428badf554049a193938cf

  
Dropping
MD5 de5d4464be06fa32db6a46ddd41880a1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 51837e07f216a7af44fbabf5a9e0b91dcbc2dfd3c3428badf554049a193938cf

Comments