MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75ecf384a980eae146c87ed892160d6a3d1a3d24f7c4417b871709313ae26d10. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 2

SHA256 hash: 75ecf384a980eae146c87ed892160d6a3d1a3d24f7c4417b871709313ae26d10
SHA3-384 hash: 9b1089b8c6330b5e6af9c88704b46f46a346438d6e6f1e98759248588e5634709a77d58a4cf5d1b154e92a80a50240ce
SHA1 hash: b2685e0cd048c491779e623e8652f22b1675f65f
MD5 hash: b97e9ce2131b52781103217f7da126e5
humanhash: social-snake-earth-august
File name: PO-17232.gz
Signature: AgentTesla
File size: 395'167 bytes
First seen: 2020-05-27 18:12:00 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 6144:kgK4lVPCwAXkZKfX8WCUHbqg3hs2cmiv3frxE2e8EPU4oi2Ia8r5K/mNt0LSN1Y+:kgJPtu/o+Be2aaPUfi2IaWK/MtaSM6Gu
TLSH: 1F8423CB80AD52A8816408A7ABA1FBE1753A4C630DB70D117F7DECB61BD36C5786E710
Reporter: abuse_ch
Tags: AgentTesla gz


abuse_ch
Malspam distributing AgentTesla:

HELO: webmail.cyber.net.pk
Sending IP: 203.101.175.37
From: hameedentr@cyber.net.pk
Subject: Request for PO Top Urgent
Attachment: PO-17232.gz (contains "PO-17232..exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-27 18:37:26 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> AgentTesla -> gz 75ecf384a980eae146c87ed892160d6a3d1a3d24f7c4417b871709313ae26d10 (this sample) -> Dropping AgentTesla

Delivery method: Distributed via e-mail attachment

Comments