MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5949fddc5be5532dc56ef3bc2ae0c637e3cbd68c4c19d449f3225a63ecb6ced6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 5949fddc5be5532dc56ef3bc2ae0c637e3cbd68c4c19d449f3225a63ecb6ced6
SHA3-384 hash: 7572f7de332ec2dc95b2f2a1e1deb413c89e960f8ae053de2d2311de484518325266d59bf1bf965020fee6bd59c86346
SHA1 hash: d29c4a907b0106de6435f18e3c7dd007180f6b9c
MD5 hash: 0c9bd2ea2a1befc5343bc55961ba9a54
humanhash: washington-three-robert-oxygen
File name: PO COPY.pdf.z
Signature: AgentTesla
File size: 579,125 bytes
First seen: 2020-06-04 07:10:46 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 12288:F0cxF+405SayYejzwRZVlY2pvc7e0DpJUsxRO57a6Cax5AkD8:+zefwvyZJ3ROZxAkD8
TLSH: AAC4239B112B9447FD2927B2864A1DF22D12B8FF4313CD7D9E18AF152F1C2192FE9918
Reporter: abuse_ch
Tags: AgentTesla, z


abuse_ch
Malspam distributing AgentTesla:

HELO: yandex.ru
Sending IP: 95.211.208.58
From: 高楠 Export Department<ac.general@yandex.ru>
Subject: FWD: paid PO
Attachment: PO COPY.pdf.z (contains "PO COPY.pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587
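
The reporter's comment above gives everything a mail gateway or SOC needs to act on this campaign: the sender IP, the attachment name, the inner file name and the exfiltration endpoint. The script below is an added triage example, not code from MalwareBazaar or abuse.ch. It copies the IOCs from this entry and runs three checks over constructed inputs: the mail headers, the attachment (a bare RAR4 signature standing in for the real archive, so the hash check deliberately does not fire and the extension and magic-byte heuristics have to catch it instead), and a connection log in an assumed `src=... dst=... dport=...` format. The archive listing is passed in from outside (for example from `unrar l` or a sandbox); the script does not parse RAR. The mail-relay address and all log lines are assumptions for illustration. One caveat the connection check encodes: smtp.yandex.ru:587 is a legitimate mail service that AgentTesla merely abuses, so the detection keys on which host is talking SMTP, not on the destination alone.

```python
"""Added triage example for the AgentTesla malspam described above.
Not code from MalwareBazaar or abuse.ch; the headers, attachment bytes,
archive listing and connection log below are constructed for illustration."""
import hashlib
import re

# IOCs copied from this MalwareBazaar entry.
KNOWN_SHA256 = {"5949fddc5be5532dc56ef3bc2ae0c637e3cbd68c4c19d449f3225a63ecb6ced6"}
KNOWN_MD5 = {"0c9bd2ea2a1befc5343bc55961ba9a54"}
SENDER_IPS = {"95.211.208.58"}
EXFIL_ENDPOINTS = {("smtp.yandex.ru", 587)}

# Generic heuristics, not specific to this sample.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse", ".vbs", ".vbe"}
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf"}
ARCHIVE_MAGIC = {
    b"Rar!\x1a\x07\x00": "rar4",
    b"Rar!\x1a\x07\x01\x00": "rar5",
    b"PK\x03\x04": "zip",
}
ARCHIVE_EXTS = {".rar", ".zip"}
# Assumption: only the mail relays may speak SMTP outbound.
MAIL_RELAYS = {"10.0.0.25"}

RECEIVED_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
CONN_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def sniff_archive(data: bytes):
    """Identify an archive by its magic bytes, ignoring the file extension."""
    for magic, kind in ARCHIVE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def extensions(name: str):
    """Lowercase extension chain: 'PO COPY.pdf.z' -> ['.pdf', '.z']."""
    return ["." + p for p in name.lower().split(".")[1:]]


def triage_attachment(name: str, data: bytes, inner_names):
    """Findings for one attachment. inner_names is the archive listing,
    e.g. from `unrar l` or a sandbox; this script does not parse RAR."""
    findings = []
    if (hashlib.sha256(data).hexdigest() in KNOWN_SHA256
            or hashlib.md5(data).hexdigest() in KNOWN_MD5):
        findings.append("hash matches known AgentTesla sample")
    kind, exts = sniff_archive(data), extensions(name)
    if kind and exts and exts[-1] not in ARCHIVE_EXTS:
        findings.append(f"{kind} archive disguised with extension {exts[-1]}")
    if len(exts) >= 2 and exts[-2] in DOC_EXTS:
        findings.append(f"document-looking double extension {''.join(exts)}")
    for inner in inner_names:
        iexts = extensions(inner)
        if iexts and iexts[-1] in EXEC_EXTS:
            note = f"archive contains executable {inner}"
            if len(iexts) >= 2 and iexts[-2] in DOC_EXTS:
                note += " (double extension)"
            findings.append(note)
    return findings


def triage_headers(headers: dict):
    """Match bracketed IPs in the Received: header against the sender IOC."""
    ips = RECEIVED_IP_RE.findall(headers.get("Received", ""))
    return [f"sending IP {ip} is on this entry's IOC list" for ip in ips if ip in SENDER_IPS]


def flag_exfil(conn_log_lines):
    """Non-relay hosts talking to the exfil endpoint or to any SMTP port."""
    hits = []
    for line in conn_log_lines:
        m = CONN_RE.search(line)
        if not m or m["src"] in MAIL_RELAYS:
            continue
        dst, dport = m["dst"], int(m["dport"])
        if (dst, dport) in EXFIL_ENDPOINTS or dport in (25, 465, 587):
            hits.append((m["src"], dst, dport))
    return hits


# Constructed inputs (not the real sample; the bytes are a bare RAR4 signature).
SAMPLE_ATTACHMENT = b"Rar!\x1a\x07\x00" + b"\x00" * 16
SAMPLE_HEADERS = {
    "Received": "from yandex.ru ([95.211.208.58]) by mx.example.net with ESMTP",
    "From": "高楠 Export Department <ac.general@yandex.ru>",
    "Subject": "FWD: paid PO",
}
SAMPLE_CONN_LOG = [
    "2020-06-04T07:12:01Z src=10.0.5.17 dst=smtp.yandex.ru dport=587 proto=tcp",
    "2020-06-04T07:12:05Z src=10.0.0.25 dst=smtp.yandex.ru dport=587 proto=tcp",
    "2020-06-04T07:12:09Z src=10.0.5.17 dst=www.example.com dport=443 proto=tcp",
]

if __name__ == "__main__":
    mail = triage_headers(SAMPLE_HEADERS)
    mail += triage_attachment("PO COPY.pdf.z", SAMPLE_ATTACHMENT, ["PO COPY.pdf.exe"])
    for f in mail:
        print("[mail]", f)
    for src, dst, dport in flag_exfil(SAMPLE_CONN_LOG):
        print(f"[net] {src} -> {dst}:{dport} (direct SMTP from a non-relay host)")
```

Run as-is it reports the sender IP match, the RAR-as-.z disguise, the `.pdf.z` and `.pdf.exe` double extensions, and the workstation 10.0.5.17 connecting directly to smtp.yandex.ru:587 while the relay 10.0.0.25 is ignored. Hash matching is kept because it is cheap and exact, but a recompressed or re-packed variant of the same lure defeats it, which is why the extension, magic-byte and egress checks carry the detection.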

Intelligence

File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-04 05:49:49 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    z 5949fddc5be5532dc56ef3bc2ae0c637e3cbd68c4c19d449f3225a63ecb6ced6 (this sample)
      Dropping AgentTesla

Delivery method: Distributed via e-mail attachment
