MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 72ec7ef41bf1488d8ce8ae1ce57ad30cd26de8f64d406e5ff295acceabda8bef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 72ec7ef41bf1488d8ce8ae1ce57ad30cd26de8f64d406e5ff295acceabda8bef
SHA3-384 hash: c701a8b156d3b7f34f99e411734333dadf651543cd79b42f359048905948266e172c8ce1f4077c75964f62b2b3a951e5
SHA1 hash: fc7ed6e7115b696d55fbcd85153280f0e88c6b95
MD5 hash: 02449cb1d260b889f610546dc1d511f4
humanhash: eight-music-nitrogen-bacon
File name:OVERDUE INVOICE.Pdf.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:271'577 bytes
First seen:2020-05-20 12:22:32 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:3m94QLaxd8czl2cSfdwMSYwoAmo+FJ6zlPKm7IXZfx4tJM6hOvW:3k4ZxSGEo+FJWlPKmwqM61
TLSH CE4423F8A673C7CF86B1AD43328CD6DC8098ABD61146431245BFCBA085FAA4D757641F
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: webmail.cyber.net.pk
Sending IP: 203.101.175.37
From: Carlos <gsea@cyber.net.pk>
Reply-To: aini@sofal.com.my
Subject: Supply invoices / Overdue invoices
Attachment: OVERDUE INVOICE.Pdf.zip (contains "OVERDUE INVOICE.Pdf.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25516.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 12:37:26 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
27 of 48 (56.25%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=olwh55a36fei3dhivyook6wtbtjg32hwjvag4x7sswwm5k62rpxq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 72ec7ef41bf1488d8ce8ae1ce57ad30cd26de8f64d406e5ff295acceabda8bef

(this sample)

AgentTesla

Executable exe 0709efb482f695b80adbe0c90bbbab27919ba33ebb51bbabf249bc40313e7f07

  
Dropping
MD5 5bdf57df940bf393303b57eb79a6f1fe
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0709efb482f695b80adbe0c90bbbab27919ba33ebb51bbabf249bc40313e7f07

Comments