MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 02556e92ca30a2cc8d3b962dadedbfaaa06c129a757e31bf3e00da70d96de889. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 02556e92ca30a2cc8d3b962dadedbfaaa06c129a757e31bf3e00da70d96de889
SHA3-384 hash: 616bf308638a90df672a66aeb10a7701cf4d6a1a3683010d3662633d90f7f9bee88148e7c898425bf55761cfa1ea348c
SHA1 hash: a38ffd261401bb2c7c3e83e48fce800de0cefaac
MD5 hash: 908c7fa96dd59ab6adcd6afea35ccdde
humanhash: enemy-hamper-september-failed
File name:CTC Intl Group ORDER N. 19146.pdf.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:409'843 bytes
First seen:2020-06-09 05:38:00 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:ZgBxUPduGSHynICHKtK470dHLOltNuxDzQh4dB6fO:UxMuGSStl4gE7oWh4dBr
TLSH E194238FD90222A251F8EF9E7753E315ACE1791F4710A01C51BC352C9FA76116AEBCB2
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: rdsor.ro
Sending IP: 45.137.22.115
From: Geal Aanholt <c-tin@rdsor.ro>
Subject: CTC Int'l Group ORDER Nº. 19146
Attachment: CTC Intl Group ORDER N. 19146.pdf.z (contains "CTC Int'l Group ORDER Nº. 19146.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
57
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Rogue.0hr.20200609-0823.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 05:39:04 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ajkw5ewkgcrmzdj3syw233n7vkqgyeu2ov7ddpz6adnhbwln5ceq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 02556e92ca30a2cc8d3b962dadedbfaaa06c129a757e31bf3e00da70d96de889

(this sample)

AgentTesla

Executable exe 9ff16ce8c4c4391af430eedc58a23ea4d004c597a7ee79790896bdff9abe7700

  
Dropping
MD5 9343fa14ad82a71a74e286a159acb84b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9ff16ce8c4c4391af430eedc58a23ea4d004c597a7ee79790896bdff9abe7700

Comments