MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51d571570b5246515fb82961dfb2e867c7fc19d50ac4073fb760a82287b0c188. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 51d571570b5246515fb82961dfb2e867c7fc19d50ac4073fb760a82287b0c188
SHA3-384 hash: c711653c20d2ba59655f60846ef68820af68a5693266fa2c5a8f1a6291865bac2442f02f1dda80279d2938cf024ea99c
SHA1 hash: af3927f992e52feb64e2c41e7c8890b8e9b511e1
MD5 hash: ef775febdd3fd1efbd686c03241f9af9
humanhash: vermont-fourteen-alabama-cat
File name: proforma invoice.Z
Signature: AgentTesla
File size: 471'996 bytes
First seen: 2020-04-21 09:58:13 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 12288:oOIct4itsKY+JYSmPxQ5mQOldQBE306MrxsA2:oOVtAK6SS7ldQBE3o6
TLSH: 8CA423D2609738D33B34DAB4363A4EF279FE51CADB1B41B8B2C2841B8CF6C1191952D6
Reporter: cocaman
Tags: AgentTesla z


cocaman
Malicious email
From: Young Chul<accounts@siepmanns.com>
Received: from siepmanns.com (unknown [212.83.46.23])
Date: 21 Apr 2020 02:25:23 -0700
Subject: PROFORMA INVOICE PAYMENT CORRECTION!

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-04-21 19:29:00 UTC
File Type: Binary (Archive)
Extracted files: 25
AV detection: 22 of 31 (70.97%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 51d571570b5246515fb82961dfb2e867c7fc19d50ac4073fb760a82287b0c188 (this sample)

Delivery method: Distributed via e-mail attachment
