MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4bfd6a7c4b6a9ea5acd0384a1968871d2297a5fc3f223b3e6cc4bfcaa815ce38. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: 4bfd6a7c4b6a9ea5acd0384a1968871d2297a5fc3f223b3e6cc4bfcaa815ce38
SHA3-384 hash: 125fb14ed61c554ff7f81a9b8f766b8beb573aca75627cf1a40fb09d666e7a23ef00a683244e32893958db41a7212019
SHA1 hash: 3eab1798cf36f59b56c57d656b6a75ca63d79ea5
MD5 hash: 8f5f4119848bd6191b0b623e53162cd8
humanhash: robert-uncle-white-music
File name: Quote20200565.gz
Signature: AgentTesla
File size: 406'109 bytes
First seen: 2020-05-25 13:52:14 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:8hm0jbf7bJBwE0KBWcrbyG7kfTbodj/S8Blo:odbfrwEdBpfef4dj/SOo
TLSH: AA8423233387E59215DFFE45BFE7400699513A3BAA65F98798090FDA23FD0294B4B10A
Reporter: abuse_ch
Tags: AgentTesla gz


abuse_ch
Malspam distributing AgentTesla:

From: hameedentr@cyber.net.pk
Subject: Request for Sales Quotation (URGENT).
Attachment: Quote20200565.gz (contains "Quote#202005#65.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-25 14:33:13 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 15 of 31 (48.39%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 4bfd6a7c4b6a9ea5acd0384a1968871d2297a5fc3f223b3e6cc4bfcaa815ce38 (this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
