MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2fa273a00b6db1a53bdaa21fb0f81ee320c6a0b6376158e95b3de444f757f4b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2fa273a00b6db1a53bdaa21fb0f81ee320c6a0b6376158e95b3de444f757f4b7
SHA3-384 hash: 45d82a819f2551f862647f4bb89f9cb6e82c939adec0bd5ac2ee79a8cd3a6b3129457f6af53891805e0509f0ad252152
SHA1 hash: 4a66a02a0fb85db9ca02fac59d0204ac542b9050
MD5 hash: a7b4fdacf4c5cec8228a516903f469f5
humanhash: connecticut-utah-blossom-charlie
File name:copia del recibo 000201106012020.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:468'790 bytes
First seen:2020-06-02 06:40:19 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 12288:TUHPgUbphclWnIx8K0ceb0KS0cQPkrA96p+Tm8zU48Yl7M:IHoUbvQOIqK0ceoKhPjsp+C818wI
TLSH D5A4230D24D3AB3AC1993E0940FFF52E9DC6464B6D2275ECD4B7264CFD20A8049DABB5
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.processing.ro
Sending IP: 86.107.224.178
From: Sabas Sarmiento <sabassarmiento9@gmail.com>
Subject: Copia del recibo
Attachment: copia del recibo 000201106012020.7z (contains "copia del recibo 000201106012020.exe")

AgentTesla SMTP exfil server:
mail.ductoslimpios.com.mx:587

AgentTesla SMTP exfil email address:
ventas@ductoslimpios.com.mx

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 02:33:00 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
10 of 31 (32.26%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=f6rhhialnwy2ko62uip3b6a64mqmnifwg5qvr2k3hxsej52x6s3q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 2fa273a00b6db1a53bdaa21fb0f81ee320c6a0b6376158e95b3de444f757f4b7

(this sample)

AgentTesla

Executable exe 1ea72043598a1a8eea973a2bdc0f20c2291c1b5da34b04c3a7bc32d6b70e7863

  
Dropping
MD5 1668b6105e28f6aa86698f67c845ca3c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1ea72043598a1a8eea973a2bdc0f20c2291c1b5da34b04c3a7bc32d6b70e7863

Comments