MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e161e75ce429f205391edd306be2e85b629d45c4f57a531b3c257d4216eaebe9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e161e75ce429f205391edd306be2e85b629d45c4f57a531b3c257d4216eaebe9
SHA3-384 hash: 41155a2959d1690f4a563ff2e3a17a3f9c67e8fc839dc57f586fee775e68d294fc55d03c7ff04d43e7c5a5946cf45f98
SHA1 hash: 5aaed903ed34a4ba368b352d39ac99a7badd209a
MD5 hash: f672bc4cecd2cfa894099f2888c741c5
humanhash: alabama-virginia-river-table
File name:PO07212020_PDF.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:541'709 bytes
First seen:2020-07-21 16:10:37 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:oDeOfzUYmqqLetXmTsKijnfoTHY1ryMVrsY4+0yAgunCxL:4e4zUZqqLeJmoKiDQTSx+Y4+VSnCxL
TLSH E7B4231FF3DB2814438C9EF51EB2722D038B559D5D900916836AEA9AF858E42D6F36F0
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: srv.kucukofis.com
Sending IP: 94.237.90.68
From: Dame Williams <reservation@memoiredangkor.com>
Subject: PRICE REQUEST
Attachment: PO07212020_PDF.rar (contains "PO07212020_PDF.exe")

AgentTesla SMTP exfil server:
mail.bosut.mk:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27271.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e161e75ce429f205391edd306be2e85b629d45c4f57a531b3c257d4216eaebe9/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-21 16:12:07 UTC
AV detection:
15 of 31 (48.39%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4fq6oxhefhzakoi63uygxyxilnrj2roe6v5fggz4ev6uefxk5puq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e161e75ce429f205391edd306be2e85b629d45c4f57a531b3c257d4216eaebe9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar e161e75ce429f205391edd306be2e85b629d45c4f57a531b3c257d4216eaebe9

(this sample)

AgentTesla

Executable exe af8343cc25fb243e378897bcf5c22ff94287610ae86538862feb362e2382b456

  
Dropping
MD5 f9b83d22928f305ae1dfa7be13bdc3c6
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 af8343cc25fb243e378897bcf5c22ff94287610ae86538862feb362e2382b456

Comments