MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 31a2b9b150aed41cced0773e6da23553485a8a077652153433f2349e397b9534. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 31a2b9b150aed41cced0773e6da23553485a8a077652153433f2349e397b9534
SHA3-384 hash: 0988ee20a3578088fcbcb552c0009e2f4ac4eba4be79dbec6c11c4c6229e29bebc738905f3e336c7e62e45e55bac42fb
SHA1 hash: 275465bbfe3def6ed8d0518fb8cc85df72f14d15
MD5 hash: 76e2dc1ad72950a5066d0b1a0ba35ad9
humanhash: pasta-zebra-nevada-mexico
File name:Order Datasheet.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:401'800 bytes
First seen:2020-06-03 08:44:30 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:AhAUguNsyY6doKFYPzBz+WnpSmtZgik752JG9VUx:xUguUAoJPz1+xmPgik75i
TLSH 9984235D3CA90935AA4750BFE9030C7230A9FEB7E49B670442743F75E7721746E4A918
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: slot0.khgftsghbjg.gq
Sending IP: 89.32.41.174
From: Jessica Lee <admin@khgftsghbjg.gq>
Reply-To: harishguptmaya@gmail.com
Subject: Mask-KN95, 3-ply civilian disposable masks and gloves
Attachment: Order Datasheet.zip (contains "Order Datasheet.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.23990.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 03:06:50 UTC
AV detection:
20 of 48 (41.67%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ggrltmkqv3kbztwqo47g3irvknefvcqhozjbknbt6i2j4ol3su2a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 31a2b9b150aed41cced0773e6da23553485a8a077652153433f2349e397b9534

(this sample)

AgentTesla

Executable exe c870eabce5b0f977272f5e0536d841e7a59170bf13414bcf8338099160c66d8b

  
Dropping
MD5 a5ba86c6657ece1159d806fd4f26083d
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c870eabce5b0f977272f5e0536d841e7a59170bf13414bcf8338099160c66d8b

Comments