MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d1930b4be3bc85d063e73b39d9a60695b8ce8d2f90ec79cc737f130e909eae6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1d1930b4be3bc85d063e73b39d9a60695b8ce8d2f90ec79cc737f130e909eae6
SHA3-384 hash: 35e5f276c395465cc096d9f6cc817e37a6656cbe0dccddb6d88ed92da090babbd3fe30ee24447d358cb6794b971739c7
SHA1 hash: 41e3ad8569fbebfc6a40cbce722bd1007f08907d
MD5 hash: 80ddf7d6d03f7d08b0c6cf3ea99477f2
humanhash: mockingbird-winner-failed-texas
File name:Eximbank PDF.bz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:412'359 bytes
First seen:2020-05-12 08:20:12 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:WO6J6wuzoBGiHxoOBhQbopIrwqBPqmL+1AJa:W1DuUBvf4kpIrDI7
TLSH 0A9423ED04545B86D09B890ECEF7A7B971F1480CA23CA1D653DE264333BA25D90B5DF8
Reporter abuse_ch
Tags:AgentTesla bz geo TUR


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.hamdikucuk.com.tr
Sending IP: 176.236.52.186
From: Nursen KAVCI <ncagin@eximbank.gov.tr>
Reply-To: Nursen KAVCI<ncagin@eximbank.gov.tr>
Subject: 34420/9 KOBI Ihracata Hazirlik Kredisi Yapilandirma Bildirimi
Attachment: Eximbank PDF.bz (contains "ggggdrdg.exe")

AgentTesla SMTP exfil server:
mail.mkkarakosemobilya.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.ArtemisC563A1A2B846.23953.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 08:35:58 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
27 of 48 (56.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dumtbnf6hpef2br6oozz3gtanfnyz2gs7ehmphghg7ytb2ij5lta._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 1d1930b4be3bc85d063e73b39d9a60695b8ce8d2f90ec79cc737f130e909eae6

(this sample)

AgentTesla

Executable exe e0d1c1f7fd8a8d07882ceeb4d681f9ff2b36912e9b0a8b182b3252599c2ea699

  
Dropping
MD5 c563a1a2b846b84d781e7affbcf10988
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e0d1c1f7fd8a8d07882ceeb4d681f9ff2b36912e9b0a8b182b3252599c2ea699

Comments