MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33cd727f0297a576ef4c13b68f53bffdf36b70d7a4a75cf7eae8c9a56def06e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 33cd727f0297a576ef4c13b68f53bffdf36b70d7a4a75cf7eae8c9a56def06e0
SHA3-384 hash: ff9c84ea792af3b54cca90dc8eb10c5286d7ffee94410487ba6bbb853594978e0cb28bc29e42c6736feca204896c19c0
SHA1 hash: 6b2b402b1c960d62ed5c3b44de966f73fbf0778e
MD5 hash: e6190bcbd49929d77036b17ae0ba540d
humanhash: quebec-neptune-nebraska-artist
File name:Scan Payment Advice.pdf.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:414'207 bytes
First seen:2020-07-01 16:09:20 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:h9PN0mnnuJyKA4Z9qilhSyETvbRLfvda4ixKWQH:fPqmIyD4i2IR5LXs4ixJg
TLSH C99423C8FB3BE385E099B957CB5854A1EA05A7150AF827827075FEAC3E4C2508DF64D8
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mashreq.com
Sending IP: 209.58.149.89
From: Michelle D'Souza, CIBG <MichelleD@mashreq.com>
Subject: Re FW Payment Advice Confirmation
Attachment: Scan Payment Advice.pdf.zip (contains "Scan Payment Advice.pdf.exe")

AgentTesla SMTP exfil server:
mail.cklbd.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25518.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/33cd727f0297a576ef4c13b68f53bffdf36b70d7a4a75cf7eae8c9a56def06e0/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-01 16:11:04 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gpgxe7ycs6sxn32mco3i6u577xzww4gxustvz57k5de2k3ppa3qa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 33cd727f0297a576ef4c13b68f53bffdf36b70d7a4a75cf7eae8c9a56def06e0

(this sample)

AgentTesla

Executable exe d323ad1ca431acbe0b5e81ca108a0535591a33e7587b144f4354a269f0e1837d

  
Dropping
MD5 71b155674fb638debd56a38b0b2d0df8
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d323ad1ca431acbe0b5e81ca108a0535591a33e7587b144f4354a269f0e1837d

Comments