MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f1aac2eb3b1fe450d094a6d8955af916dba46f0a95ca9f3f888c6f149d70a24. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2f1aac2eb3b1fe450d094a6d8955af916dba46f0a95ca9f3f888c6f149d70a24
SHA3-384 hash: c057ee475e8ce80d240f92293a43d82f6cd897ebda0d6039790355459b5a1adaa8bd5b135566175012caadd705a2822e
SHA1 hash: 1af7384ecf410884296673c2b0783f1ff9d00469
MD5 hash: d48918d073c6813886821e82cb770194
humanhash: autumn-september-solar-winter
File name:FINAL ORDER QT-PO10-00510-Rev01_PDF.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:427'266 bytes
First seen:2020-05-14 06:26:11 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 6144:q3zvOh2vLw+leNNe9JRZiqqrz0jeRahORPGx3if6gIAOJIKko8G5Sis9m5rycvb1:qbXc+7XUL0aRahOReAU2ozSv9m5rBj5L
TLSH E89423FB05FB40138E98674D1EC51FA316348D90CEAA9B93BF76D42009E12E04F67B69
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.ducki.at
Sending IP: 62.178.116.10
From: Manuel Blau <manuel@ducki.at>
Subject: AW: New Order
Attachment: FINAL ORDER QT-PO10-00510-Rev01_PDF.7z (contains "FINAL ORDER (QT-PO10-00510-Rev01)_PDF.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-14 06:37:00 UTC
File Type:
Binary (Archive)
Extracted files:
17
AV detection:
18 of 48 (37.50%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=f4nkylvtwh7ekdijjjwysvnpsfw3urxqvfokt47yrddpcsoxbisa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 2f1aac2eb3b1fe450d094a6d8955af916dba46f0a95ca9f3f888c6f149d70a24

(this sample)

AgentTesla

Executable exe 0d2443b974855cb4c9cd94ecd2586ee38bbe575fa42e702e7f0f7cf25f15a54b

  
Dropping
MD5 a29de68a1e08412d279cd7594f479614
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0d2443b974855cb4c9cd94ecd2586ee38bbe575fa42e702e7f0f7cf25f15a54b

Comments