MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f0ba3fa47019589524c8bb5c2972d5f04690836fb55edba36cfc46be70fcfde. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3f0ba3fa47019589524c8bb5c2972d5f04690836fb55edba36cfc46be70fcfde
SHA3-384 hash: 855f6be59f7b0ff90a7f7b5efba5efdc2567cbc748d57f99f4754a466553a7def67310517e2091339735c5d6ab59c23f
SHA1 hash: a5ed2677ac2aa2d15ad47eb124a960aabccde519
MD5 hash: 5563d8df483e389931a1971a936f7af6
humanhash: earth-april-oxygen-pip
File name:shipping doument.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:501'033 bytes
First seen:2020-07-29 14:38:33 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:6qdNa+0aZvianshWT7pFZsezxBnocUbzglM5H4zCieD+lp:ldNa+BZqu1p71T5vMRyCiiUp
TLSH BAB42378320DC2519922DD72EB8B0879C93C5C9A7C677474A3AF06D5B40F4E9E2DED22
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: PETRONAS.com
Sending IP: 156.96.62.76
From: Ibrahim Mohammed <Mohammed@PETRONAS.com>
Subject: Construction, Installation and Commissioning for PEGAGA Development Project – Mubadala Petroleum.
Attachment: shipping doument.zip (contains "shipping doument.exe")

AgentTesla SMTP exfil server:
smtp.millndustries.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Fareit-FXUDF464A927FA2.6331.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3f0ba3fa47019589524c8bb5c2972d5f04690836fb55edba36cfc46be70fcfde/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-29 14:40:07 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=h4f2h6shagkysusmro24ffznl4cgscbw7nk63orwz7cgxzypz7pa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Farheyt
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/3f0ba3fa47019589524c8bb5c2972d5f04690836fb55edba36cfc46be70fcfde

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 3f0ba3fa47019589524c8bb5c2972d5f04690836fb55edba36cfc46be70fcfde

(this sample)

AgentTesla

Executable exe fb48b5cc967c5bea1799607218168a28acf394c89b5d89de2b7a98ad1a2e0c8c

  
Dropping
MD5 df464a927fa22e0d5a60ab2cfb494167
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fb48b5cc967c5bea1799607218168a28acf394c89b5d89de2b7a98ad1a2e0c8c

Comments