MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 049cf1a5c3ecd74b4de986216d1a8b9d10a21be4a1cd46db0a018679ae6423bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 049cf1a5c3ecd74b4de986216d1a8b9d10a21be4a1cd46db0a018679ae6423bb
SHA3-384 hash: 9486ab22eb9e8988fd8ecdfa9717dd73299e4b5d23962bb4fb4d4ec641d610ad719a4bb76125f6b946c5cb7fd81e4c91
SHA1 hash: c1e3fe1369b4f5d0df3b143e1e35824497c19b75
MD5 hash: 44229e676b5cf5b74c9dc24ba39a0e8f
humanhash: magazine-illinois-romeo-oranges
File name:specification_company profile.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:761'027 bytes
First seen:2020-06-02 10:53:13 UTC
Last seen:2020-06-02 10:54:08 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:wWLM/FsabJ1woT1Omtjr/k+QoVxQH8rNN30PZd6l99VIVQd12kSpdrIH6lfZFiY/:3LK/bDPbVxniZd6l99EdrdZFz/
TLSH A7F4331CB016466A3542CCC88E708153B8DD46637BF6DA633EAF8671E9828D552ED0BF
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mta0.infoolayan.tk
Sending IP: 185.22.153.217
From: Sawada<info@infoolayan.tk>
Subject: New project undertaking
Attachment: specification_company profile.zip (contains "company profile_original.scr")

AgentTesla SMTP exfil server:
mail.surglcalmaskschina.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
57
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 21:59:47 UTC
AV detection:
23 of 48 (47.92%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=asopdjod5tluwtpjqyqw2gultuikeg7euhgunwykagdhtlteeo5q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 049cf1a5c3ecd74b4de986216d1a8b9d10a21be4a1cd46db0a018679ae6423bb

(this sample)

AgentTesla

Executable exe 2a529183f1105351617673ef3e12de1eebc24a13ca11b8d92330094bf0dc2bf5

  
Dropping
MD5 075cf1b8522892856efc41779993b228
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2a529183f1105351617673ef3e12de1eebc24a13ca11b8d92330094bf0dc2bf5
  
Dropping
SHA256 92605cf78b7b975754a9defe3570dc6b30917fdfbc0d62f601145c28930c21f2
  
Dropping
MD5 4dc022310f86d0f94a74d8c0a7e7c58a

Comments