MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 64c9d443d7d1d435b55ea5c3b89a71a69bbfe8fcee81c439c95632c0b3f29a96. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 64c9d443d7d1d435b55ea5c3b89a71a69bbfe8fcee81c439c95632c0b3f29a96
SHA3-384 hash: a6ce1841972fed5ed51f17b44508bcefb05fd327dcf85fbb6d98ddf3f687edb1a00aafec45d33f78ac8f07e41cc4b59d
SHA1 hash: 30ba6b4c25c85942b89c258b52d4e5708950a0ef
MD5 hash: e5b88fb64051a3ceba4f5868889866ac
humanhash: texas-leopard-ohio-cardinal
File name:UPS_AWBTracking89765.PDF.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:440'797 bytes
First seen:2020-05-15 06:34:29 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:YB5ChyDS7i/7FOAa5MAekep/i7t6H9GPxDC3b:YBIhy+Gw+l/hd8NC3b
TLSH 03942307C4A98531424B49C67D21BE7D65BC38E650AA59D317E723B9C32E872E50EB83
Reporter abuse_ch
Tags:AgentTesla gz UPS


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: srv1.demspor.com
Sending IP: 31.169.94.221
From: UPS Quantum View <pkginfo@ups.com>
Subject: UPS Ship Notification, Tracking Number 1Z2840A70497812974
Attachment: UPS_AWBTracking89765.PDF.gz (contains "UPS_AWBTracking89765.PDF.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-15 17:42:33 UTC
File Type:
Binary (Archive)
Extracted files:
18
AV detection:
22 of 48 (45.83%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mte5iq6x2hkdlnk6uxb3rgtru2n372h452a4ioojkyzmbm7stkla._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 64c9d443d7d1d435b55ea5c3b89a71a69bbfe8fcee81c439c95632c0b3f29a96

(this sample)

AgentTesla

Executable exe 255080ea7797f53ee3607d7b4126b1afb27934a62dec93a8e9e68c39c5c02771

  
Dropping
MD5 649f7a0ee8de5d495fce5516cc99719d
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 255080ea7797f53ee3607d7b4126b1afb27934a62dec93a8e9e68c39c5c02771

Comments