MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 56a0eb97cb363b128056d4cb2a6b68af335ee9079fcce1b1fa97a9b6588046db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 56a0eb97cb363b128056d4cb2a6b68af335ee9079fcce1b1fa97a9b6588046db
SHA3-384 hash: 733560dd839f2e7fc6e49118364a4e7b8cf8f8454bd055fd443aafdea092ce21be8389ec8a40d89473939ace483d2d72
SHA1 hash: 6db9d763769a821d75952480abdebaaaf5be525e
MD5 hash: ea98b637d9e6426da7bd28d0090d7794
humanhash: hot-freddie-magnesium-earth
File name: 01.05.2020 - 30.05.2020.7z
Signature: AgentTesla
File size: 475'563 bytes
First seen: 2020-06-02 06:48:40 UTC
Last seen: Never
File type: 7z
MIME type: application/x-rar
ssdeep: 12288:JuZDbPPZPMWOBrgv7VmHQwEG7y7tH9hsp4JRTc8f5:JuZ2drg4QwJy7Cp4JRY8x
TLSH: 95A423230C0EFE6A27D3545E1BADE27A64109D43D4CDDA9DFE7FB6C2009870E6988764
Reporter: abuse_ch
Tags: 7z AgentTesla geo GRC


abuse_ch
Malspam distributing AgentTesla:

HELO: s3.gtsystems.hu
Sending IP: 45.87.115.204
From: Armodios Tsalikidis <armodiostsalikidis@live.com>
Subject: Οι συναλλαγές του λογαριασμού σας μεταξύ 01.05.2020 - 30.05.2020
Attachment: 01.05.2020 - 30.05.2020.7z (contains "01.05.2020 - 30.05.2020.exe")

AgentTesla FTP exfil server:
ftp.tde.ro:21

AgentTesla FTP exfil user name:
pascal@tde.ro

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-02 01:54:24 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 15 of 48 (31.25%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 56a0eb97cb363b128056d4cb2a6b68af335ee9079fcce1b1fa97a9b6588046db

(this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
