MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 22e378d6aa9e2d519c8d1f221379b2ffd4b1bc1c76bb94fd7b3e4107efa26e05. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 22e378d6aa9e2d519c8d1f221379b2ffd4b1bc1c76bb94fd7b3e4107efa26e05
SHA3-384 hash: 80bc654c40692f17e1e61349564aaaf74c2ac8489fd965c63c5737946d882c7771d39d2f576fa623ab97b9d7d71cf4a4
SHA1 hash: caf4092519f0cc80d6bc80363e4d58449ba0f2db
MD5 hash: 8b495b4bd615f094c4725382a22e0e95
humanhash: coffee-asparagus-idaho-charlie
File name:REVISED PROFORMA INVOICE.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:383'930 bytes
First seen:2020-05-25 13:53:43 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:by0qBuL4hT3DiXrol0srLT1RbO5p4BregT8yyfQZeupX+IeQNY1L78pICw:xq0LMT3Irk0cLbOUBrvTLyIZeuB+91uG
TLSH 4B8423D348551BB4726FED68E723D16FCA9DB93750321244EC2019041B71E2A2EBBA7F
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.sgbcg.com
Sending IP: 113.11.251.241
From: Sales <rabih@emirates.net.ae>
Subject: Re: REVISED PROFORMA INVOICE
Attachment: REVISED PROFORMA INVOICE.zip (contains "REVISED PROFORMA INVOICE.exe")

AgentTesla SMTP exfil server:
protectorfiresafety.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
57
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 14:30:37 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
21 of 47 (44.68%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 22e378d6aa9e2d519c8d1f221379b2ffd4b1bc1c76bb94fd7b3e4107efa26e05

(this sample)

AgentTesla

Executable exe 4d1fc12e362e8f90ad1407c54575e3c39f3fd8cacde48007ecf46baa9ba1473d

  
Dropping
MD5 5cc2088692390c0ec769de5f619e391d
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4d1fc12e362e8f90ad1407c54575e3c39f3fd8cacde48007ecf46baa9ba1473d

Comments