MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ae17874e90f4cd46cf4af6bb5387be460ddbbd9243cf0a03e9a5250edffeacb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: 3ae17874e90f4cd46cf4af6bb5387be460ddbbd9243cf0a03e9a5250edffeacb
SHA3-384 hash: 5944f9fdc8ce5863b97c96d9964864f3db4fa35a0c2e7a25b21fc9bda10cf80667cbae2b8e8dfcf9aa5d22cc4cd50815
SHA1 hash: 7b1253b968dd48348909f45e17a0f4687de55d81
MD5 hash: e066ad13d8988481aa2113eb1ffbdb9b
humanhash: oven-foxtrot-nebraska-muppet
File name: 68793.gz
Signature: AgentTesla
File size: 1'666'781 bytes
First seen: 2020-05-13 11:08:45 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:tNMONrkmPA3j++H4nOeUmELHibo5HPNnbVu/bnFLDJ1rTrF1/Xl6XWFXm:tNMO5AT++HAd/QQotNnbQjFLDJVFhlRm
TLSH: EE7533790E081B5D4D89B663CB78AC74F5EA469DA4DF2F48BE8823DC16389D04137E4B
Reporter: abuse_ch
Tags: AgentTesla, gz


abuse_ch
Malspam distributing AgentTesla:

HELO: bioska.sk
Sending IP: 95.211.217.177
From: 赵恩爱 <info@bioska.sk>
Subject: 询问新的供应商 (Inquiry about new suppliers)
Attachment: 68793.gz (contains "68793.exe")

AgentTesla SMTP exfil server:
smtp.ge-lndustry.com:587
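The entry above lists four digests for the attachment and records a container mismatch worth noticing during triage: the file is named 68793.gz, MalwareBazaar types it as zip, and the reporter says it holds 68793.exe. The following Python is an added example, not code from MalwareBazaar or abuse.ch, that reproduces those identifiers for an arbitrary file and flags the mismatch. It computes the same MD5, SHA1, SHA256 and SHA3-384 digests the entry shows, sniffs the real container format from the leading bytes rather than trusting the extension, and lists executable-looking members inside a zip. The magic-byte and extension tables are the author's assumptions, and the archive it builds is a constructed stand-in carrying a fake PE header, so its hashes will not match the real sample's.

```python
import hashlib
import io
import os
import zipfile

# Magic-byte signatures for containers commonly seen as malspam attachments.
# The extension on the wire is attacker-controlled; the first bytes are not.
# (Assumed table for this example, not an exhaustive list.)
MAGIC = {
    b"PK\x03\x04": "zip",
    b"\x1f\x8b": "gzip",
    b"Rar!\x1a\x07": "rar",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"MZ": "pe",
}

# What each extension claims to be; anything else is "other".
EXT_TO_FORMAT = {
    ".zip": "zip", ".gz": "gzip", ".tgz": "gzip",
    ".rar": "rar", ".7z": "7z", ".exe": "pe", ".dll": "pe",
}

# Member extensions that should never arrive by e-mail unchallenged.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".dll",
                   ".bat", ".cmd", ".js", ".vbs", ".ps1"}


def hashes(data: bytes) -> dict:
    """The four digests a MalwareBazaar entry publishes for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def sniff_format(data: bytes) -> str:
    """Identify the container from its leading bytes, ignoring the filename."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def zip_members(data: bytes) -> list:
    """Member names of a zip archive; empty if the data is not a readable zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def triage_attachment(filename: str, data: bytes) -> dict:
    """Hash the attachment and compare claimed vs. actual container format."""
    ext = os.path.splitext(filename)[1].lower()
    claimed = EXT_TO_FORMAT.get(ext, "other")
    actual = sniff_format(data)
    members = zip_members(data) if actual == "zip" else []
    executables = [m for m in members
                   if os.path.splitext(m)[1].lower() in EXECUTABLE_EXTS]
    return {
        "filename": filename,
        "claimed_format": claimed,
        "actual_format": actual,
        "extension_mismatch": claimed != actual,
        "members": members,
        "executables_inside": executables,
        **hashes(data),
    }


def build_sample() -> bytes:
    """Constructed stand-in for 68793.gz: a zip (not gzip) holding a member
    named 68793.exe with a fake MZ/PE header. This is NOT the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("68793.exe", b"MZ" + b"\x00" * 62 + b"PE\x00\x00placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    report = triage_attachment("68793.gz", build_sample())
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against the real download, `triage_attachment("68793.gz", open(path, "rb").read())` should reproduce the digests in the entry above and report claimed_format gzip against actual_format zip. When copying the network indicators from the reporter's note into a blocklist, copy them verbatim: the exfil host is spelled ge-lndustry with a lowercase L where "industry" would have an i, so a rule typed by eye will miss it.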

Intelligence


File Origin
Uploads: 1
Downloads: 81
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-13 11:36:58 UTC
File type: Binary (Archive)
Extracted files: 10
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam (AgentTesla)
  -> zip 3ae17874e90f4cd46cf4af6bb5387be460ddbbd9243cf0a03e9a5250edffeacb (this sample)
     -> Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment
