MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 493e9ce3194aafcd86101496c450ac303d27386e2f961f5474e15f49d62d3060. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 2


SHA256 hash: 493e9ce3194aafcd86101496c450ac303d27386e2f961f5474e15f49d62d3060
SHA3-384 hash: d992618f0e94b5bbdaf46cf505fccf15067b06cc52cad30043ef012d4924065fdc4fae4defa5d2c35917d71e0c373c6d
SHA1 hash: d4d34304fbf19e07c3f735756a2b23522f16dd94
MD5 hash: 838f8727b1190caa7cf8db80a5118667
humanhash: echo-burger-sad-cola
File name: PO COPY.pdf.z
Signature: AgentTesla
File size: 395'240 bytes
First seen: 2020-05-24 12:44:06 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 12288:H9GaQwEoNH8URrvf98HLk0W/EFCwlAAj4KMrMr:H9GeNcUFvf+YrwlAABMM
TLSH: AA8423F2578ED1C55A9362CD70D8C44EB8A38890D436B4EBA20CF50165718DB85AEDFF
Reporter: abuse_ch
Tags: AgentTesla, z


abuse_ch
Malspam distributing AgentTesla:

HELO: yandex.ru
Sending IP: 95.211.208.58
From: Export Department<ac.general@yandex.ru>
Subject: Urgent Invoice
Attachment: PO COPY.pdf.z (contains "PO COPY.pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-24 11:13:35 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 20 of 48 (41.67%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
  z 493e9ce3194aafcd86101496c450ac303d27386e2f961f5474e15f49d62d3060 (this sample)

Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments