MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 06a0b1d3f82dc20931af89b03e39602e403972162eff59510b1aa0b2f66b19f8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 06a0b1d3f82dc20931af89b03e39602e403972162eff59510b1aa0b2f66b19f8
SHA3-384 hash: 44cdbcbd562e02d43e44c17afedff7447a4e4835ff5b4be10bf7ad81ef04181b32f5fd42a902d8d5b6962379b48ced89
SHA1 hash: 32917a9487d6521d4bda65483ee4daa3feb41f68
MD5 hash: f7ac0b9dbaf83b2e96710af501a888ca
humanhash: ten-video-shade-magazine
File name:ScanNewOrder_PDF.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:458'441 bytes
First seen:2020-05-26 10:43:59 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:UMCTihz7GSNLjgjmrKztgdXT1QNxgce3Ruka8FCx/Od:UMCTi9qMjgiezKXT0xgd3/tMZk
TLSH 50A423DC10C4CC8E4DD581990FEFDD8899A4A01F36E729BA4EB1F6601EB182F975C927
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: slot0.trib2k.ml
Sending IP: 85.204.116.150
From: Harish Kumar Attavar <procurement01@trib2k.ml>
Subject: RE: FW: TCLU9794511 / S2020040007
Attachment: ScanNewOrder_PDF.zip (contains "ScanNewOrder_PDF.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Generic-7899865-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 01:33:43 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 06a0b1d3f82dc20931af89b03e39602e403972162eff59510b1aa0b2f66b19f8

(this sample)

AgentTesla

Executable exe e4923f2e3773fadad36727ec18c9b392e8a3c0e01b6428cde077ebad13eda8d7

  
Dropping
MD5 09eb69a89839e979e06989df7ea5181f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e4923f2e3773fadad36727ec18c9b392e8a3c0e01b6428cde077ebad13eda8d7

Comments