MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 02cb58a1f36135bdae8f1b9e73a25776a00bb0fce7dfa12e1ab3000c74d8da30. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 2 File information 3 Yara Comments

SHA256 hash: 02cb58a1f36135bdae8f1b9e73a25776a00bb0fce7dfa12e1ab3000c74d8da30
SHA3-384 hash: 34acddf8000940929620a5646c9b70904ce12e182d65f787d85d63434275f9d843094c816404e56d4663493d53dc87c0
SHA1 hash: 49a75bd18e5f7db6679cdfcfdc051a5c13d1fc75
MD5 hash: 53cc265aac5ee6a9cd8530f32305340d
humanhash: colorado-glucose-friend-twenty
File name:shipping documents.pdf.z
Download: download sample
Signature AgentTesla
File size:380'047 bytes
First seen:2020-06-30 06:06:49 UTC
Last seen:2020-06-30 08:33:33 UTC
File type: z
MIME type:application/x-rar
ssdeep 6144:Q5OaGh54zdpphqAnArzIQYnLcd5OrXStDchfI5SfIh+DWDLzy:QT+4UPNsYd5Fuf9fIADWDa
TLSH 9D8423478694B6123941DDC8869C04FA6862FC7C60892DF63485FEE6FB819B5F0DEF48
Reporter @jarumlus


Mail intelligence
Trap location Impact
Global High
CH Switzerland Low
NL Netherlands Low
# of uploads 2
# of downloads 27
Origin country FR FR
ClamAV No detection
CERT.PL MWDB Detection:n/a
ReversingLabs :Status:Malicious
Threat name:ByteCode-MSIL.Trojan.Kryptik
First seen:2020-06-30 06:08:05 UTC
AV detection:17 of 31 (54.84%)
Threat level:   2/5
Spamhaus Hash Blocklist :Suspicious file
VirusTotal:Virustotal results 12.90%

File information

The table below shows additional information about this malware sample such as delivery method and external references.



z 02cb58a1f36135bdae8f1b9e73a25776a00bb0fce7dfa12e1ab3000c74d8da30

(this sample)

Delivery method
Distributed via e-mail attachment