MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 544be315061e8804dd8f704fb36cd663d9964ec0282a2c38c96e9ee507760680. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 544be315061e8804dd8f704fb36cd663d9964ec0282a2c38c96e9ee507760680
SHA3-384 hash: f71376a2bfc5495582d51bfdc8938574438cfc9c3bf86060782a9dcc326c486a1eb81d125a3307b4504fe44248bb8fef
SHA1 hash: d94c7467a76ef1f8e7ed94043a71960315d3c5f4
MD5 hash: ff56bb0740e7f77de6ea8ddc50bd7352
humanhash: louisiana-april-sweet-comet
File name:INVOICE COPY.pdf.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:488'407 bytes
First seen:2020-05-13 06:38:43 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:b7PY77TzZvcTNv1EPopLuqFxpbiGqWd29TO3zY3qbW+g2prdm:b7+GTsSnFLKWd2uY6bbu
TLSH A4A423BE638F4FD4AB775BA4172D8945D2EE80A8CE87D54E3313358A0303D15AC965EC
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: yandex.ru
Sending IP: 103.99.1.170
From: Rose <ac.general@yandex.ru>
Subject: FWD: paid invoice
Attachment: INVOICE COPY.pdf.z (contains "INVOICE COPY.pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 15:13:03 UTC
File Type:
Binary (Archive)
Extracted files:
298
AV detection:
24 of 48 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=krf6gfigd2eajxmpobh3g3gwmpmzmtwafavcyogjn2pokb3wa2aa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 544be315061e8804dd8f704fb36cd663d9964ec0282a2c38c96e9ee507760680

(this sample)

AgentTesla

Executable exe b8d0aaaac4f35677e4817853585a51dbdcd93cd1a35081e24557107584f318a9

  
Dropping
MD5 949df97bd21c6709c1894e9bc1004d82
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b8d0aaaac4f35677e4817853585a51dbdcd93cd1a35081e24557107584f318a9

Comments