MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66cfd9c0a7b574d905c159e8abdd9c9831fcc6449ce9affa0fe9fe0ecb0a8332. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 66cfd9c0a7b574d905c159e8abdd9c9831fcc6449ce9affa0fe9fe0ecb0a8332
SHA3-384 hash: e431ff282cfc7c0f0540cbd2e6f20e431a2ad42affb2a03089f2456489261fe15ec157240a609288ea6f957b3fa6d460
SHA1 hash: fafd5baf278e05411117f3824c4da08c39cc650f
MD5 hash: 6384753b5ad28da4cac371fe87368d3b
humanhash: avocado-april-kansas-iowa
File name: PO44087537318.pdf.img
Signature: AgentTesla
File size: 1'294'336 bytes
First seen: 2020-07-31 12:09:43 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:0LHAgbCa8sGQTiR1lj4+Z1DRncxuiWMKt2Pkek0RHiQu6tHM3n:UHX8kTiLlj1NkdKMceZVts3
TLSH: DB55382D3A92E911E93D0E3180B959D12771BD477B02C70F7AC8275C6F2269B7F071AA
Reporter: @abuse_ch
Tags: AgentTesla img


Twitter (@abuse_ch):
Malspam distributing AgentTesla:

HELO: msdos.homelinux.org
Sending IP: 185.236.231.55
From: Dorathy Lee / MD <jwcitffgjfvgllrxmviydn@bsccl.com>
Subject: Signed Contract-PO36014773379235 - 07/31/2020 04:35:47 am
Attachment: PO44087537318.pdf.img (contains "PO44087537318.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: FR

Mail intelligence
Geo location: Global
Volume: High

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-31 12:11:05 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Threat name: Kryptik
Score: 1.00

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

Malspam
  AgentTesla
    img 66cfd9c0a7b574d905c159e8abdd9c9831fcc6449ce9affa0fe9fe0ecb0a8332 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments