MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b10bb43986c9f630b2ffef4fa1c01efb55d69b950d9168214c9ca1e4dd8371a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4b10bb43986c9f630b2ffef4fa1c01efb55d69b950d9168214c9ca1e4dd8371a
SHA3-384 hash: 70463a6ac300cecff618aa5277b4e7b1e335a476268c46864d3b2706f0ad6e4342a10737dd2f5d5781eb7dcf0508d9b9
SHA1 hash: c6780cfeec5dcf2380d24a3bd3f4a9e2144ae9a4
MD5 hash: d7b683b5b1de950f6ce59092db3b20c0
humanhash: papa-chicken-charlie-pluto
File name:AN-DSI-ASA18070011.pdf.arj
Download: download sample
Signature AgentTesla
Create hunting rule
File size:439'232 bytes
First seen:2020-07-07 08:24:07 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:5THzB3/RAImvu6zFdZXIN4s0tg0FXxOhpsTe:5PpRAI6zzFdaN4sMg0FXxOX
TLSH 3D9423580EDE98701A6B6429D83911C7F7E1042B209A3FC9727F18F6736CE4C9D69E78
Reporter abuse_ch
Tags:AgentTesla arj


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: e2e-1-100.e2enetworks.net.in
Sending IP: 103.20.212.100
From: Zhang Wei <logistics@chokhidhanifoods.com>
Subject: ARRIVAL NOTICE//CHECK HBL//NEW SHIPMENT.
Attachment: AN-DSI-ASA18070011.pdf.arj (contains "AN-DSI-ASA18070011pdf.exe")

AgentTesla SMTP exfil server:
secure231.servconfig.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.7fb215ba062e0e3f.29298.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4b10bb43986c9f630b2ffef4fa1c01efb55d69b950d9168214c9ca1e4dd8371a/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 08:26:05 UTC
AV detection:
33 of 48 (68.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jmilwq4ynspwgczp732puhab562v22nzkdmrnaquzhfb4toyg4na._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 4b10bb43986c9f630b2ffef4fa1c01efb55d69b950d9168214c9ca1e4dd8371a

(this sample)

AgentTesla

Executable exe 2bdc06696ba12ce9ab528c154da052cc9151cda183ed9e6e36692db87237dbab

  
Dropping
MD5 7fb215ba062e0e3f95202e40b96f8450
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2bdc06696ba12ce9ab528c154da052cc9151cda183ed9e6e36692db87237dbab

Comments