MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e7dc624230ed953cb2f6326883292e89e8157e0286f6928bc2b65b991a17919. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0e7dc624230ed953cb2f6326883292e89e8157e0286f6928bc2b65b991a17919
SHA3-384 hash: 1831f22c7ea7edcc891d11367a39edb095e9d2d825ef8fefdfc71986c6a48467851886bc3bf241faebcba10f024c98f5
SHA1 hash: 11c5e51624e94f3cd6b4c98ee3896248b7587cfa
MD5 hash: 46e1a696a7a038e547773f176ec46985
humanhash: early-idaho-pennsylvania-bulldog
File name:23RF-6292020 2.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:357'999 bytes
First seen:2020-07-02 09:25:43 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:6tawLrDu6RJuNu0BEOU6CVDSXgFHKSBQHO7Bqxlf70FzywZNBr48tCdnjScurQ:6b/D7arU6UD9FHzfKfIFzTZnr7c
TLSH 437423E45D02169DAADAC626B0DC3F03DF5F43427B4B64B3AF4B15B9D06271CA01A1DB
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: akkatoglu.com
Sending IP: 103.99.1.149
From: Fatemeh Mahini <munir@akkatoglu.com>
Subject: RE:Request for Quotation - Urgent 6/29/2020
Attachment: 23RF-6292020 2.zip (contains "23RF-6292020 (2).exe")

AgentTesla SMTP exfil server:
mail.rajapindah.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WQV.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0e7dc624230ed953cb2f6326883292e89e8157e0286f6928bc2b65b991a17919/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-02 09:27:07 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bz64mjbdb3mvhszpmmtiqmus5cpicv7afbxwskf4fns3tenbpemq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 0e7dc624230ed953cb2f6326883292e89e8157e0286f6928bc2b65b991a17919

(this sample)

AgentTesla

Executable exe 09e3903ce69ce7833be44661f3c02fdee3304b78afcb1314344f7e8c9588e4a7

  
Dropping
MD5 1d0c89e5eda4b9ec0262235d7cab44bc
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 09e3903ce69ce7833be44661f3c02fdee3304b78afcb1314344f7e8c9588e4a7

Comments