MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0bf46caf94167351274feda256d8d941229b42e363acb658680d9188a361fb2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c0bf46caf94167351274feda256d8d941229b42e363acb658680d9188a361fb2
SHA3-384 hash: 4289cd69f1cc10491820259492936f4ab85447f5618f97224df42a2c6f92e0e7a18981d4d9af5c7c3558f15fd007778e
SHA1 hash: 0be1b10a71c0dad0400f73a431820156775be6ce
MD5 hash: 022a8f5417804ac57fb121831f63a9eb
humanhash: bluebird-beer-alaska-summer
File name:P.O. N PC055873.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:498'596 bytes
First seen:2020-05-01 12:59:04 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:l+JG3925fVxAvE4NUrsMR9SltmpUa1/C6T5uVY/0nKW30F:l+Jy25dcN6tPSvk3/NmkU/m
TLSH 22B42328869A3E5127B2118779DEF50CE020C302E9C9348A95CDF6AAF35BF6717F46D1
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.ggkorea.co.kr
Sending IP: 164.124.107.127
From: Sandip Saluza <s-saluza@shergroup.net>
Subject: Order P.O. Nº PC055873 - (URGENT)
Attachment: P.O. N PC055873.rar (contains "P.O. Nº PC055873.exe")

AgenTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
557
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 13:35:48 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
15 of 31 (48.39%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yc7unsxzifttketu73nck3mnsqjctnbogy5mwzmgqdmrrcrwd6za._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar c0bf46caf94167351274feda256d8d941229b42e363acb658680d9188a361fb2

(this sample)

AgentTesla

Executable exe 96382f5a4c395562a3d763a7f61e09486af57987d43e5cd231063993bb6952ac

  
Dropping
MD5 96f8a7168381f56532b4fec9892d1b8a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 96382f5a4c395562a3d763a7f61e09486af57987d43e5cd231063993bb6952ac

Comments