MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f3a4d8a119fb4841732e66cf69d971fe3c007dc195b81c4c0899f3c0dde686e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f3a4d8a119fb4841732e66cf69d971fe3c007dc195b81c4c0899f3c0dde686e3
SHA3-384 hash: fdb3d3140b95784aef03a770a03bb64bb7441b540eaa54b1a647f66cf2f6f294b7f5ffed71680f8ddbab607bd431285e
SHA1 hash: 97ba68b182777512070dcd36e2d81024382e5f2f
MD5 hash: 7533ff7f1e323e01d426c27aa9735af6
humanhash: sierra-snake-yellow-yankee
File name:Item Details.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:430'927 bytes
First seen:2020-06-10 11:41:47 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:LuDAFWK5AKuUKgZDZz9gQoS2OHIV+xELOlxvjC4pd:LuDkf6VUKgZDZSQm+xplxDpd
TLSH 6C9423A23B12CC5B729E00525AE4EC1942A22F711B7F4778CD3573787A41ED4E9CE1BA
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: spfilter-1.sel01.mschosting.com
Sending IP: 110.4.41.64
From: mohd.naim <mohd.naim@cekaptechnical.com>
Reply-To: mohd.naimnealworkrestblades@yahoo.com
Subject: REQUEST FOR QUOTATION
Attachment: Item Details.rar (contains "Item Details.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
54
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 11:43:06 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6osnriiz7neec4zom3hwtwlr7y6aa7obsw4bytaithz4bxpgq3rq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar f3a4d8a119fb4841732e66cf69d971fe3c007dc195b81c4c0899f3c0dde686e3

(this sample)

AgentTesla

Executable exe 6d2a192146876a4cbd53960fa55a8fe002e2280ef94642f880980dcb9eb7f5b4

  
Dropping
MD5 a5a35523c87f092e41e7df088ec1c0a2
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6d2a192146876a4cbd53960fa55a8fe002e2280ef94642f880980dcb9eb7f5b4

Comments