MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e36e0d8183dc5620f5f21b9192e4bd359fa03169e429ed4b569a603b85e921c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5e36e0d8183dc5620f5f21b9192e4bd359fa03169e429ed4b569a603b85e921c
SHA3-384 hash: 6236ff3ce7144f74c3d568b9a614ac0472471359922ac8b10be7d17d6271c015b307183b68a5e2c733023d38406fecd4
SHA1 hash: 5394f335eca309609c9993a795ccd3eb5fce9c52
MD5 hash: 808e5d51169a66f70dd52a9f8f3a06c5
humanhash: spring-island-cardinal-bakerloo
File name:revised PI.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:385'604 bytes
First seen:2020-05-28 06:15:01 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:V/I2TCScC7YIsNfVP5iGEMVzF7nNDb2GQBiMgQrvj4b+Ov7WtefFi:pWScC7YPNREKzFBkdgQjj4b+OvSt+Fi
TLSH 4C842391087B5418C82A762AFF97C239162F8C9DA4F24737766106328FD76C3F9CDA25
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: smtp113.iad3a.emailsrvr.com
Sending IP: 173.203.187.113
From: engg2@ascjsr.com <engg2@ascjsr.com>
Subject: Re: Revised PI
Attachment: revised PI.zip (contains "revised PI.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.fc.4709.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 06:36:46 UTC
File Type:
Binary (Archive)
Extracted files:
3
AV detection:
26 of 48 (54.17%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 5e36e0d8183dc5620f5f21b9192e4bd359fa03169e429ed4b569a603b85e921c

(this sample)

AgentTesla

Executable exe eafe80f90a3a9a02cea6165309b01aab3ab9b7eab9401342b665e8fdefc65869

  
Dropping
MD5 3194620f4034331c79d5d0dfc6023776
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 eafe80f90a3a9a02cea6165309b01aab3ab9b7eab9401342b665e8fdefc65869

Comments