MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2df58eaf3f637386ceffe9fff882f785a2b49d36c150552100ccd46451272e6d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2df58eaf3f637386ceffe9fff882f785a2b49d36c150552100ccd46451272e6d
SHA3-384 hash: f13fb0f2cc57e5b6e0e150b34c9cfd4e63d5485bc38a1bab75ede2d5f724769c02bb6a5e94ea10405bccc9caec2b3027
SHA1 hash: f3ccb34a17e87ac6e1a23024e91498f17c8bfc9a
MD5 hash: 2b23bc418b60f277e81f8958813088fc
humanhash: friend-dakota-hamper-floor
File name:Facture dachat.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:274'007 bytes
First seen:2020-06-11 11:19:19 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:UInOwcRvntvNobVV1xZabtTzUVCkscjt0Z1wSQr7cTgvH0zmuAvJ:YTtgVPHVHx0ZaSQ/ygczmJJ
TLSH CD4423F2FC6D821DBFFE433605E9F5B1D2221F601BB68524A8DA56ACD0980473DD2762
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: qproxy2.mail.unifiedlayer.com
Sending IP: 69.89.16.161
From: commercial.dentalouest.net <commercial@dentalouest.net>
Subject: Facture jointe
Attachment: Facture dachat.gz (contains "Facture d'achat.exe")

AgentTesla FTP exfil server:
ftp.bazuka321.com:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-11 11:21:05 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fx2y5lz7mnzyntx75h77raxxqwrljhjwyfifkiiaztkgiujhfzwq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 2df58eaf3f637386ceffe9fff882f785a2b49d36c150552100ccd46451272e6d

(this sample)

AgentTesla

Executable exe 47aecc3c4471c61bf636bc9a05fda7376bd302441e7016d0aabc4487cfdbabbd

  
Dropping
MD5 8399babb22331250e07b9371c5e7d54f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 47aecc3c4471c61bf636bc9a05fda7376bd302441e7016d0aabc4487cfdbabbd

Comments