MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c98bd434dee267a6cf474a9be5a54de46a9a434809537aa89fb9aaa03a065bc9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c98bd434dee267a6cf474a9be5a54de46a9a434809537aa89fb9aaa03a065bc9
SHA3-384 hash: 47cf2a7718eba8164605d5f6b065c836155855f0ce1aa313d0034d008c29f24931fc832e7d2fbd4b73b63550847483fe
SHA1 hash: 4ca0e178796f28c385f3634801ef03fe1125def9
MD5 hash: 1ca6bb6e6d7f22c09be17f08d0d65a82
humanhash: hotel-pizza-kitten-mango
File name:Inquiry Order Quotation.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:470'123 bytes
First seen:2020-08-18 19:34:43 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:P1YbP8/uZqRxgvxhCoZjRvM5hWD9RzPAQjPV9K6dzuxJ:9YbEWIHMIoZ10uJR7AQ7V1uH
TLSH 1DA4239CF3C18D1B25C17FF7098E533C140EA855A93AD58889C79A3E8E7AC43A57D06B
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

From: "Muruganandam Kannangopal" <Muruganandam.Kannagopal@hyve.group>
Subject: AW: AW: Inquiry Order From PAPEX Group
Attachment: Inquiry Order Quotation.rar (contains "Inquiry Order Quotation.exe")

AgentTesla SMTP exfil server:
mail.dhana.com.mx:587

AgentTesla SMTP exfil email address:
cs50@dhana.com.mx

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c98bd434dee267a6cf474a9be5a54de46a9a434809537aa89fb9aaa03a065bc9/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 18:30:26 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zgf5ing64jt2nt2hjkn6ljkn4rvjuq2ibfjxvke7xgvkaoqglpeq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c98bd434dee267a6cf474a9be5a54de46a9a434809537aa89fb9aaa03a065bc9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar c98bd434dee267a6cf474a9be5a54de46a9a434809537aa89fb9aaa03a065bc9

(this sample)

AgentTesla

Executable exe 25ef4eb5dbb6b39d8563f3874eaeb97f1637df07278bfbdad0161afceb4164e4

  
Dropping
MD5 ad21d18a859d07073d04b0671b757fdb
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 25ef4eb5dbb6b39d8563f3874eaeb97f1637df07278bfbdad0161afceb4164e4

Comments