MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66f48243446992bbc3ddaba59942dbc4566e75be87100100ec80f9fa7a663e32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: 66f48243446992bbc3ddaba59942dbc4566e75be87100100ec80f9fa7a663e32
SHA3-384 hash: 8efd4e22a4cc34709cf113c94637a7fdf72d9dafe300653a5dbf64338a204abcab5af26dc3004df51e5f3a8e8c1eecd6
SHA1 hash: 83023fc7909409fac39b7471aa7e8a21de1880b2
MD5 hash: 5de70137e59764e06c216e6dc9e47dd5
humanhash: grey-steak-ink-magazine
File name: Transfer form.zip
Signature: AgentTesla
File size: 263'516 bytes
First seen: 2020-06-12 07:52:53 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:CELP4JDURi3udGb6WzAX3jIstFsRBYppFnpXrT86Uq6SDFCZhr:CE74J3bz6tFGBYppFpbT85yFq
TLSH: FD4412ABF363826760C2783BDE42D11D408E8D4E609C32B59F224DF4A07D94B6F68677
Reporter: abuse_ch
Tags: AgentTesla zip


Comment by abuse_ch:

Malspam distributing AgentTesla:

HELO: telkomsa.net
Sending IP: 103.141.136.4
From: mahindranorthcoast@telkomsa.net
Subject: RE: PAYMENT INSTRUCTIONS
Attachment: Transfer form.zip (contains "Transfer form.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-12 07:54:08 UTC
AV detection: 17 of 48 (35.42%)
Threat level: 5/5

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery: Malspam
Signature: AgentTesla
File: zip 66f48243446992bbc3ddaba59942dbc4566e75be87100100ec80f9fa7a663e32 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment