MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 16f0a3900025ef99294d6626b3c37a05f1e5d657b024cf41e23ad1db8c918fb4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 16f0a3900025ef99294d6626b3c37a05f1e5d657b024cf41e23ad1db8c918fb4
SHA3-384 hash: 7082f493c9c0aa36b46bccf098a41ff1ca119de58c69fe58eff1611beea9a4bf1daf5adaf5b4757895d8cfb9a312520f
SHA1 hash: bd88ee0e4f080690fb27fe70a64eb25739ce8ed2
MD5 hash: bf30969a3176458b5ba705944ffdb148
humanhash: massachusetts-comet-mobile-white
File name:Swift Confirmation Receipt.CAB
Download: download sample
Signature AgentTesla
Create hunting rule
File size:277'808 bytes
First seen:2020-06-06 09:33:36 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:EvGCGEhByWhSfVdxosED5YrvsKVb4btUPWmCmsuzlziSNP:qGREHHG0KVb4e79zFx
TLSH F64423E890D65F51843D75CCC37A47E70A2C6193512DE386E7E4C2B0AE7AE1E84B790A
Reporter abuse_ch
Tags:AgentTesla cab


Avatar
abuse_ch
Malspam distributing AgentTesla:

From: info@chinatextiles.cn
Reply-To: aahvanrooyen@gmail.com
Subject: RE : Payment Advise Swift printout
Attachment: Swift Confirmation Receipt.CAB (contains "Swift Confirmation Receipt.exe")

AgentTesla SMTP exfil server:
mail.sesnettelekom.com.tr:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject3.41116.32718.25235.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 20:06:35 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=c3ykheaaexxzskknmytlhq32axy6lvsxwasm6qpchli5xderr62a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 16f0a3900025ef99294d6626b3c37a05f1e5d657b024cf41e23ad1db8c918fb4

(this sample)

AgentTesla

Executable exe 36429cacc88c8ee5ca2932e691c0e66c9a04466704c96240148c275d6786693e

  
Dropping
MD5 8ca2cc796fa6ad15bc90acd8910abd09
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 36429cacc88c8ee5ca2932e691c0e66c9a04466704c96240148c275d6786693e

Comments