MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5427c1457c50731447fbb29bd54f668519755700ccfde5f06a04e2e2812c2286. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5427c1457c50731447fbb29bd54f668519755700ccfde5f06a04e2e2812c2286
SHA3-384 hash: 29f9b10c7f3af764139c1ea7514e88a98379c4667e13250337c224ecf572a31137627a2404a36aacd9648903241a2ae1
SHA1 hash: 30dab94034a6b4ce63fe616a399c239b8f5ec6fa
MD5 hash: 69884ed70f87aa6942ce34e3b506dbb9
humanhash: romeo-vermont-carbon-island
File name:P.O.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:350'868 bytes
First seen:2020-07-16 10:05:47 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:xR07LHgagbH637VZ8pkLioohl/bqVKhEv5KlZ+d1rjzJTPMxG6MJ:xRsAagLuBZUTzfjcKKv5A+7vJjMxYJ
TLSH E57423F48D5FFB1A73745E90AB0099DAB08668BD501C2E1934FB07E775C81E2228D5BD
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.itrad3r.com
Sending IP: 45.140.168.119
From: Bonfiglioli PVT <Info@bonfglioli.com>
Subject: Purchase Order
Attachment: P.O.gz (contains "gunzipped")

AgentTesla SMTP exfil server:
mail.kinangopdairy.co.ke:587

AgentTesla SMTP exfil email address:
james.muiruri@kinangopdairy.co.ke

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CAP_HookExKeylogger.15083.6862.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5427c1457c50731447fbb29bd54f668519755700ccfde5f06a04e2e2812c2286/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 10:07:05 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kqt4crl4kbzrir73wkn5kt3gqumxkvyazt66l4dkatrofajmekda._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 5427c1457c50731447fbb29bd54f668519755700ccfde5f06a04e2e2812c2286

(this sample)

AgentTesla

Executable exe 7be1a27c42f1dd1703b4e35bb619ae44fe55c29abe8ad204bdc1cdd91e75e7a8

  
Dropping
MD5 3a917a8551132d01bfa74f6bf855274e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7be1a27c42f1dd1703b4e35bb619ae44fe55c29abe8ad204bdc1cdd91e75e7a8

Comments