MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 319a79163ef58a9034c6d4ce7185b9102022a4a30175353a77703b0802464b22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 319a79163ef58a9034c6d4ce7185b9102022a4a30175353a77703b0802464b22
SHA3-384 hash: 32e06238e96b747cc050a82ccce16b35e265f4454e9db9400db7984169c3b4d869b955ae0e2706d5ffe59a39e837710e
SHA1 hash: 7704cd04d200caadc5217f99235c5bb4146463e8
MD5 hash: 2be804e4678b2032a3fb590fea73af53
humanhash: beryllium-quebec-low-bluebird
File name:LEGAL NOTICE 67679415317.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:384'571 bytes
First seen:2020-06-18 06:10:15 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:oEd6wz9uHE+iIiNxzi2rMp4zu9l4B/n9b9AVV+qxTRx7k3IHxDwzLfpP0r:L6WuHFitNxziHF9e/n9bCV+T34MLRg
TLSH 378423B1E53831A380C64315CCCD1A180B15AD9AB0550CBFDB72C6FD829B97BA79363B
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.sgbcg.com
Sending IP: 113.11.251.241
From: Dallas (Principal Office) <bob@braumillerlaw.com>
Subject: FWD: Legal Action Notice
Attachment: LEGAL NOTICE 67679415317.zip (contains "LEGAL NOTICE 67679415317.exe")

AgentTesla SMTP exfil server:
protectorfiresafety.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Generic.fc.30295.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-18 06:12:06 UTC
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ggnhsfr66wfjangg2thhdbnzcaqcfjfdaf2tkotxoa5qqasgjmra._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 319a79163ef58a9034c6d4ce7185b9102022a4a30175353a77703b0802464b22

(this sample)

AgentTesla

Executable exe c0eb2f545d41334272272e0499b31a1725aaf3880f4e0a2469590dc47ce801c4

  
Dropping
MD5 24f15e30ff1e93dcba568b661a9cec94
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c0eb2f545d41334272272e0499b31a1725aaf3880f4e0a2469590dc47ce801c4

Comments