MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ecf99b05ac2a578a8cf62c3325844bddc8434022247f629ee568cb236774b93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3ecf99b05ac2a578a8cf62c3325844bddc8434022247f629ee568cb236774b93
SHA3-384 hash: 9a6a4d3952a42d8907d71b63018a04722216e72e7d5791099a9e0600c1fdb95a6c6a064bd5ae3fe9254d22c4a0773a84
SHA1 hash: a62c7fc0d202fc7b75c62da41cccc36198937727
MD5 hash: 16343fc2267a42be2c64b3912becd870
humanhash: nitrogen-golf-steak-carbon
File name:Quotation prices accepted with designs and images.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-05-13 07:14:28 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:2MmokmvQfqyjIZliMF6wcukI+0UPcxdjWW4XC2niig:zfkmYfuliMF9Fk23xlYCkid
TLSH D845121E7268BBBFD69E06F46052A14403F19C069682F3E97C9C35EA7FB67D48513183
Reporter abuse_ch
Tags:AgentTesla img Yahoo


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sonic310-23.consmr.mail.ne1.yahoo.com
Sending IP: 66.163.186.204
From: ricky0844@yahoo.com
Subject: Hello Supplier
Attachment: Quotation prices accepted with designs and images.img (contains "Quotation prices accepted with designs and images.jpg.exe.exe")

AgentTesla SMTP exfil server:
smtp.yandex.kz:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 07:36:48 UTC
AV detection:
13 of 31 (41.94%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=h3hztmc2yksxrkgpmlbtewcexxoiinacejd7mkpok2glentxjojq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 3ecf99b05ac2a578a8cf62c3325844bddc8434022247f629ee568cb236774b93

(this sample)

AgentTesla

Executable exe 5d8dc0d20ebc682fdd90bbbb8eb0d57203557feca6a52a12c98816a387656315

  
Dropping
MD5 aaca4b0d1957fe6d3bf9e152ef7a4cd3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5d8dc0d20ebc682fdd90bbbb8eb0d57203557feca6a52a12c98816a387656315

Comments