MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e875ce9cb72b3bb88df5cfec52146a048d62dbf2d6f5e286eaf21400581c6da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0e875ce9cb72b3bb88df5cfec52146a048d62dbf2d6f5e286eaf21400581c6da
SHA3-384 hash: 6a6b79b79fe1e5d1bb4f1b04f6727577d69d7ea8cbb5fe682c923187cb9e9162e121bbdec1837c089ca8d2a3d71d1f1b
SHA1 hash: e1def932d9462af10bfd031fb70706acd5249bc1
MD5 hash: 51cfe6999bbcd4a6c5463607da1af754
humanhash: mississippi-winter-east-east
File name:P_8879_PDF.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:411'368 bytes
First seen:2020-06-12 06:37:27 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:H5zZZqkPx13m10o8H219bcu08UStOzzxKdKn:n8kPL3Yt3bi8ntaKQn
TLSH 679423BBADE5DFDAD492220668329CCE67C6157B504430CAF3B7C7C9E91F4BA8049E41
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mailgate07.ps.kz
Sending IP: 78.40.108.7
From: parasat@kalam.kz
Subject: COPY OUTGOING PAYMENT - MT103 / CBC-DEBIT ADVICE-EMAIL
Attachment: P_8879_PDF.zip (contains "P_8879_PDF.exe")

AgentTesla C2:
http://lucasacc.com/office001/webpanel/inc/3331f6ffacdb1f.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.EMHL.24330.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-12 06:39:05 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=b2dvz2olokz3xcg7lt7mkikgubenmln7fvxv4kdov4quabmby3na._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 0e875ce9cb72b3bb88df5cfec52146a048d62dbf2d6f5e286eaf21400581c6da

(this sample)

AgentTesla

Executable exe def3a384fb2c2fbe147039cfd377cce023c19c317461a912cc084518cd23be33

  
Dropping
MD5 7c16e236c36bff6f0a26942781f3c64b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 def3a384fb2c2fbe147039cfd377cce023c19c317461a912cc084518cd23be33

Comments