MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1fb5662d4250c040f62f71196576ada28183f4890d8eafb7822f102e4aba1702. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1fb5662d4250c040f62f71196576ada28183f4890d8eafb7822f102e4aba1702
SHA3-384 hash: 31d1c5ae9211060dcab188b1ed0981ec521890363391af7c887ec9e40307661de9a344f58e2fffb2ed9dc59ba96f07b7
SHA1 hash: bf38acdbb9ea23e9743e3ca5e2c60ed15f7e90b7
MD5 hash: 0b0a39378ead15f5347dc4dd98c2cd51
humanhash: kitten-pasta-two-lamp
File name:order 3926-Data list31072020_pfi3.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:284'865 bytes
First seen:2020-07-31 06:53:38 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:EQw9kJnTh4sHmnPssvB/Mmot6e1u+/OqjMg5TjIYL:EQ3V4/UsPosMu+/og5XpL
TLSH 4E5422CB0A27E14AE7D9C52F5FA7DC45E8D37EBCC4A0A82F0D28DAD08ECB9517540690
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: d0.020.viliianesefmsrl.cf
Sending IP: 128.199.114.214
From: "Chongan Wang" <aallen@acaciainsights.com>
Subject: order 3926-Data list31072020_pfi3
Attachment: order 3926-Data list31072020_pfi3.gz (contains "order 3926-Data list31072020_pfi3.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1fb5662d4250c040f62f71196576ada28183f4890d8eafb7822f102e4aba1702/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-31 06:55:08 UTC
AV detection:
11 of 48 (22.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=d62wmlkckdaeb5rpoemwk5vnukayh5ejbwhk7n4cf4ic4sv2c4ba._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1fb5662d4250c040f62f71196576ada28183f4890d8eafb7822f102e4aba1702

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 1fb5662d4250c040f62f71196576ada28183f4890d8eafb7822f102e4aba1702

(this sample)

AgentTesla

Executable exe 0e259671cbd2d052be8f668fc53c67a0407ea7fd730d880ca60f7f1a94bea34f

  
Dropping
MD5 4ed1b57b86dd27f7dd4ca79718be512e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0e259671cbd2d052be8f668fc53c67a0407ea7fd730d880ca60f7f1a94bea34f

Comments