MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d96bccad8e8f82c83c0628bcb5eb7a1045137973e46f10950bd42350640efea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0d96bccad8e8f82c83c0628bcb5eb7a1045137973e46f10950bd42350640efea
SHA3-384 hash: 5073c9da45f560130db5cfb28f694757431b01c772d37a0f2deac84e26b2a8e23b4cbfffffe6ea5fa9000e13d5f815de
SHA1 hash: e70e379aed973231782e050e72e1763489e17372
MD5 hash: 1faa477fc3f60fcc3f68f7a9e493e631
humanhash: arkansas-cold-lake-tango
File name:PaymentConfirmation.CAB
Download: download sample
Signature AgentTesla
Create hunting rule
File size:263'031 bytes
First seen:2020-06-08 07:46:29 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:0HQiAa5UDaS1en9KXUCroSGGB1RP4wNy3g17+y7ec/AfRrAC+x:MQx1e9GUkrVywN6g1L7nC+x
TLSH 6144235A0D339E704D0B9DD6C68B15CD8EB9183D30FF6748964BDEC5029EEA43EA8069
Reporter abuse_ch
Tags:AgentTesla cab


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ards.co.za
Sending IP: 190.117.101.190
From: Chrystal Van Wyk <chrystal@ards.co.za>
Reply-To: Chrystal Van Wyk <aahvanrooyen@gmail.com>
Subject: Fwd: Payment confirmation
Attachment: PaymentConfirmation.CAB (contains "PaymentConfirmation.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WFR.17263.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 07:48:04 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bwllzswy5d4cza6amkf4wxvxuecfcn4xhzdpcckqxvbdkbsa57va._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 0d96bccad8e8f82c83c0628bcb5eb7a1045137973e46f10950bd42350640efea

(this sample)

AgentTesla

Executable exe 2d06060bf7e05715ff183c4e08f1c2318b9048a4d9576714958df0080b85cbf4

  
Dropping
MD5 83ec45664ef2867ae66d755d6d777fd6
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2d06060bf7e05715ff183c4e08f1c2318b9048a4d9576714958df0080b85cbf4

Comments