MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 306d42835736adead520aad0c3eda098e92e7e315774050f8591b5d76ea45e05. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 306d42835736adead520aad0c3eda098e92e7e315774050f8591b5d76ea45e05
SHA3-384 hash: 4463faae413e589f657cc049f0f5e96e99ce8e4b1737e1418f9902207ce95fd2e2507de1c1a9d998f18c7d5bc954be37
SHA1 hash: 14c5f3dafe99c8edd4f6f644a0a1486471501b11
MD5 hash: e7821807ab9d540fd9f5cc573eba46a0
humanhash: robert-network-october-uniform
File name:copy of the TT 5192020.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:350'360 bytes
First seen:2020-05-19 14:52:52 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:WZ7emoNyAI3r4MW2vI35G0JdIu4JNuS91RZ3xJz4xHt3BGnJed:I7emoNDI30MFvI35FAue5BF4xHt3QJed
TLSH 9B742351DE57B464C7FED45D2CF129A0182E341892B2967F2C4EBA0E2A112B13AF7B58
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 5bo.com.tw
Sending IP: 37.49.230.30
From: finance1@5bo.com.tw
Subject: copy of the T/T 5192020
Attachment: copy of the TT 5192020.zip (contains "RFQ quotation 5192020.exe")

AgentTesla SMTP exfil server:
smtp.bnb-spa.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 15:36:07 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gbwufa2xg2w6vvjavlimh3natdus47rrk52akd4fsg25o3velycq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 306d42835736adead520aad0c3eda098e92e7e315774050f8591b5d76ea45e05

(this sample)

AgentTesla

Executable exe ae3f7f0c8e9e91bd685fb8a1d7746698fcd4feccd838343c996955034437dbf1

  
Dropping
MD5 0ceb5f383323920554a212c12f2b3111
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ae3f7f0c8e9e91bd685fb8a1d7746698fcd4feccd838343c996955034437dbf1

Comments