MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 35b2f21bce083840f9dfe937a1d944365c5cc03849713a9f9429d5049631be32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 35b2f21bce083840f9dfe937a1d944365c5cc03849713a9f9429d5049631be32
SHA3-384 hash: da9a2add4c9efa79dcf7476a57e9df774c94c732759f11673984917eb5c5567bf56acdc7063765076a6daa5e910b0e4f
SHA1 hash: f34493a5b760f40e6a1d78d1fbfd834797ae1f1a
MD5 hash: 6077748535fca200a539bbd958aa5a56
humanhash: spaghetti-west-ink-five
File name:IMG101202070.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:768'731 bytes
First seen:2020-07-16 10:40:54 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 12288:1s6GlMopzY2S5hfOcYUHNVhdrQ6VoVI+1j8X8zMFZiy3QR7n8sQywP:14pzY95hJVNVfLoWdMzaXgR75vwP
TLSH 9CF423A2EAC56940D1B2EBA48572D72C0AC38786721FD61B048876D465FF1F7CCEE0B4
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: fococonsultores.net
Sending IP: 82.223.29.21
From: Shaikh Jaffar Ali <sales@mf-industry.com.ae>
Reply-To: sales@mf-industry.com.ae
Subject: Quotations
Attachment: IMG101202070.7z (contains "IMG11202070.bat")

AgentTesla SMTP exfil server:
mail.magicpharma.pt:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/35b2f21bce083840f9dfe937a1d944365c5cc03849713a9f9429d5049631be32/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 10:42:11 UTC
AV detection:
7 of 48 (14.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gwzpeg6oba4eb6o75e32dwkegzofzqbyjfytvh4ufhkqjfrrxyza._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 35b2f21bce083840f9dfe937a1d944365c5cc03849713a9f9429d5049631be32

(this sample)

AgentTesla

Executable exe a66773bfc5fe5cfabc1ba18edbf514246699d37ccaace2705a8f4c0ecb6ee8bd

  
Dropping
MD5 e12344e0c8ee8f3b4cc19f0e1260c82f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a66773bfc5fe5cfabc1ba18edbf514246699d37ccaace2705a8f4c0ecb6ee8bd

Comments