MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f7cf8ebc9998c4146cc8765b96a2b34323014fc4cdbacfa22288a0777dc274e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3



SHA256 hash: 5f7cf8ebc9998c4146cc8765b96a2b34323014fc4cdbacfa22288a0777dc274e
SHA3-384 hash: 0caf8dff03c2df18623385f73184222cfdf2e879272367f81b531483237bdc829760e9d5e07779ec86ace57d76b72445
SHA1 hash: f0444b401b2e36c0349240c689ae2ff79304f303
MD5 hash: 3bd03a72547659fbc897ad73c0857607
humanhash: pasta-one-comet-finch
File name: Invoice ..6856.zip
Signature: AgentTesla
File size: 390'344 bytes
First seen: 2020-06-15 12:31:43 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:r1P5Fgryhh1mqlURJ6X2Ox0sPfiASU3qXrWIFIUq+n/icho4fEE4+5BxftD6y9:rdPr1m0U6PpfKXrTFIChoQEE4Qt0y9
TLSH: 458423CFE14AA9552E1C4E24820BB40885322C045F9688D8F765623AE717DF96B3DFDB
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: jch.jchllantas.com.pe
Sending IP: 162.214.71.14
From: ventas.piura@evocars.pe
Subject: Invoice...6856
Attachment: Invoice ..6856.zip (contains "Invoice ..6856.exe")

AgentTesla SMTP exfil server:
smtp.ionos.es:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-15 12:33:06 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    zip 5f7cf8ebc9998c4146cc8765b96a2b34323014fc4cdbacfa22288a0777dc274e (this sample)
      Dropping
        AgentTesla

Delivery method: Distributed via e-mail attachment

Comments