MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 20b857f2ee40f18210cc2d8e6141ea5650bbe3e5863c05eece93dca0be20ac00. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 20b857f2ee40f18210cc2d8e6141ea5650bbe3e5863c05eece93dca0be20ac00
SHA3-384 hash: 442af0458421c5d4b3734b76c9bbcee9142267903f5531081e8bc28296167f0d016f27563be9364a1a443d9076934f11
SHA1 hash: fc3fad751fb48bfaf6152c98385d419076a8c34e
MD5 hash: af180480ce30cfe5ccb5db10642fdd7d
humanhash: timing-twenty-romeo-beer
File name: PO-326T-05142020.IMG
Download: download sample
Signature: AgentTesla
File size: 1'245'184 bytes
First seen: 2020-05-14 16:40:45 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:KSEmKANt+LA+caJ0mW7Lkn4Y8UqyxFa0OX6EBbnl6nL1:KSfsLA+caJ0snoURriThl6nL
TLSH: EC450295A248DA6FCA5A0BBC55B2390642F2BDB06175CF4E7E8D71B53B333CA480174B
Reporter: abuse_ch
Tags: AgentTesla img


abuse_ch
Malspam distributing AgentTesla:

HELO: sip1-210.nexcess.net
Sending IP: 209.126.18.174
From: CARMELITA IGLESIAS <info@adax.pt>
Subject: Urgent Order PO-326T-05142020
Attachment: PO-326T-05142020.IMG (contains "PO-326T-05142020.scr")

Intelligence

File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-14 17:35:50 UTC
File Type: Binary (Archive)
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: AgentTesla
img 20b857f2ee40f18210cc2d8e6141ea5650bbe3e5863c05eece93dca0be20ac00 (this sample)
  Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments