MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2119d571b5c0175ad40fb283058a6442e8c29dbbbea61778bb0cfbe40477b9ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2119d571b5c0175ad40fb283058a6442e8c29dbbbea61778bb0cfbe40477b9ef
SHA3-384 hash: 4272d5a8de6427f19a034df5e4bdcde8fb239afb6b0bf0facc8d9f5121ac25c0368daca9ee0fec4e9fb423aa2fad2a1f
SHA1 hash: ae60771491cccb559809820ec0c601996caf2d20
MD5 hash: 9903c3225967dec8241a692cb588e34c
humanhash: one-fifteen-lithium-mississippi
File name:Machine Specifications xlsx.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:817'772 bytes
First seen:2020-05-26 10:31:22 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:ZLCCQLdh0xqBTFrE1LCCQLdh0xqBTFrEg:8Zho6TqIZho6Tqg
TLSH B2052391B11F937A44056E4F28B46D05AB147878E064B8CEF975136E10A72EC1FFEAEC
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: rdns0.ascendmolds.com
Sending IP: 5.253.86.62
From: sales@yodermachinery.com
Subject: Quotation
Attachment: Machine Specifications xlsx.zip (contains "Machine Specification.exe")

AgentTesla FTP exfil server:
ftp.chinas-ccp.com:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 10:10:42 UTC
File Type:
Binary (Archive)
Extracted files:
16
AV detection:
28 of 48 (58.33%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 2119d571b5c0175ad40fb283058a6442e8c29dbbbea61778bb0cfbe40477b9ef

(this sample)

AgentTesla

Executable exe 90dcb385b06592664cb04ab1ac751748aafd8d8f9673547e19c8370bb614acf2

  
Dropping
MD5 bb73852b01bb1b52a7c14d1c968e0e88
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 90dcb385b06592664cb04ab1ac751748aafd8d8f9673547e19c8370bb614acf2

Comments