MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 06bae260c00b32d44c4d98b09e3337aa1f72f3678a7b27523e77369756fa7fe3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 06bae260c00b32d44c4d98b09e3337aa1f72f3678a7b27523e77369756fa7fe3
SHA3-384 hash: 338588d4a5d8a67a54afba0736cfebdd2b34f33073f764ab0bacdc8eea38b01640aeb9143e88978c14a3801147b956da
SHA1 hash: ae4c84f9a0af2f30e44eb0d801932197f91d7d5d
MD5 hash: d58a87be2c49967614a0ef3d7a596f86
humanhash: beer-bluebird-louisiana-table
File name:PO 202010041JDS.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:268'214 bytes
First seen:2020-05-25 12:57:06 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:ndrLryxWa0DgTl6IOmvVeaKpyL/fdgJwAuvatbWPFvBN3h4k:RkU+6dm0rGfdZAu8bW5b3d
TLSH B94412635F29B05CF0EBFF411D1006D53A80869EACF289D5AD34BCAFA95A16B133D12D
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: qq.com
Sending IP: 59.36.132.50
From: Tan Jinxing <sales3@szmuchang.com>
Subject: Re: PO 202010041JDS
Attachment: PO 202010041JDS.zip (contains "PO 202010041JDS.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VZZ.10691.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 13:36:39 UTC
File Type:
Binary (Archive)
Extracted files:
21
AV detection:
24 of 48 (50.00%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 06bae260c00b32d44c4d98b09e3337aa1f72f3678a7b27523e77369756fa7fe3

(this sample)

AgentTesla

Executable exe 9db03df30746e08a092e729d678f269d921e9e143d7a31563a012d561caa860a

  
Dropping
MD5 99c6397fa4198f7f995b4e3c4f5f4429
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9db03df30746e08a092e729d678f269d921e9e143d7a31563a012d561caa860a

Comments