MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76a07c291cb73e31e7c86c545be44f3d664c797e93c71c405013672a98b4aa91. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 76a07c291cb73e31e7c86c545be44f3d664c797e93c71c405013672a98b4aa91
SHA3-384 hash: 8949a241c2cad10e6db6f43f14b0be7ab37109f9507886592125e0e4442adc7d9848c3c7d2138eaea1c31cc67db95696
SHA1 hash: 0ae1f661d22d11850964b01b7ecd4572d2fc80f8
MD5 hash: 98b7600a4930094a9ec941f6e3940625
humanhash: coffee-ten-charlie-bluebird
File name:Proforma Invoice 00234354_pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:379'942 bytes
First seen:2020-06-26 15:18:09 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:+Zt5XvRGR+XEksIrJA33NQ6YX7+6sTUa51pR1hV4zyzTTzRXwsvr:+hsR+O4JAuPX7+cazpj35nNwWr
TLSH DB84236C61FF384106E07E4F854BAC302BC6574597BE9E1BD036C702B858F6E47EA52A
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: chle.tk
Sending IP: 103.150.8.56
From: Bob Wong <bob169@chle.tk>
Subject: Re: Proforma Invoice
Attachment: Proforma Invoice 00234354_pdf.gz (contains "Proforma Invoice 00234354_pdf.exe")

AgentTesla SMTP exfil server:
smtp.anding-tw.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.f75bcb16ae21df7e.11718.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27383.GZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/76a07c291cb73e31e7c86c545be44f3d664c797e93c71c405013672a98b4aa91/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-26 15:20:06 UTC
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=o2qhyki4w47ddz6inrkfxzcphvtey6l6spdryqcqcntsvgfuvkiq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 76a07c291cb73e31e7c86c545be44f3d664c797e93c71c405013672a98b4aa91

(this sample)

AgentTesla

Executable exe 7685e609b6eae44feac570e6fb3f8661bc35f5352c3659e1f0c153faceb033f2

  
Dropping
MD5 c6cfe18d5b2ba20765d6b1efa5e57bca
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7685e609b6eae44feac570e6fb3f8661bc35f5352c3659e1f0c153faceb033f2

Comments