MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5235deb74df6d58cdfba523e04bba4333b9b26f34bf45c25ceca19057b8f509e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5235deb74df6d58cdfba523e04bba4333b9b26f34bf45c25ceca19057b8f509e
SHA3-384 hash: d28615ff903aaf2fac1cf8239993116ba8deb09f37a9d4dcdeec1cb31ca2dab6bc9c4acc1e6538847e1e2754a91736e9
SHA1 hash: 02373a6085e3ed83b66e2096e38d0bce89b2470d
MD5 hash: 85e0ab9b663b271d695d3b7f8ed97364
humanhash: vermont-carolina-princess-carpet
File name:Fizetési igazolás 2020.08.14.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:420'161 bytes
First seen:2020-08-14 09:09:53 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 12288:Ckl4k8eUOhNVkdZ/PfQd2jDKyYGxF5TBJlV9MwLAw:CQ4k8eHkdZfQdA2hoXMQ
TLSH B99423ACFE008F89980C15195A279CB5E959E52DC2F60107A4D62F35C7F9DFBC64B283
Reporter abuse_ch
Tags:7z AgentTesla geo HUN


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.tipografiaklm.ro
Sending IP: 86.124.79.107
From: Soros Frank <sorosfrank@gmail.com>
Subject: Fizetési igazolás 2020.08.14
Attachment: Fizetési igazolás 2020.08.14.7z (contains "Fizetési igazolás 2020.08.14.exe")

AgentTesla SMTP exfil server:
mail.mlibano.com.br:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5235deb74df6d58cdfba523e04bba4333b9b26f34bf45c25ceca19057b8f509e/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-14 09:11:06 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ki255n2n63kyzx52ki7ajo5egm5zwjxtjp2fyjoozimqk64pkcpa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5235deb74df6d58cdfba523e04bba4333b9b26f34bf45c25ceca19057b8f509e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 5235deb74df6d58cdfba523e04bba4333b9b26f34bf45c25ceca19057b8f509e

(this sample)

AgentTesla

Executable exe bec4fe42d25f56aab9a6a50118e310aff1c4383c161e9f7d774e9b1434115e2d

  
Dropping
MD5 03da2a587f4d6e3e1739d6bef6a5a150
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bec4fe42d25f56aab9a6a50118e310aff1c4383c161e9f7d774e9b1434115e2d

Comments