MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77d62296ac64a84afe14d249137f4f6619e3fd3af4a2f7deee62381870d571a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 77d62296ac64a84afe14d249137f4f6619e3fd3af4a2f7deee62381870d571a7
SHA3-384 hash: 858d28deb7cb32402037fe39ac033d2f48cec706a4d74d82ebabb046c19f94cc3c53ac0a325e35eb96f1dedb4ac8a851
SHA1 hash: 299da92ffb9c20378954a2389386365aa2198102
MD5 hash: 33afc4ce1711578cd4b5699f2939ecc4
humanhash: enemy-don-fanta-three
File name:PO copy.pdf.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:410'442 bytes
First seen:2020-06-03 10:05:41 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 6144:o5lvLGnBWAtnkUk5kYMKmj+em2j64/wrlpWUvbRjTOTIrZjcZomC52P/3kQEIRi0:o55LGnB3n3Y3mj84/klAGa0raochDR
TLSH 1794237BE6F0F4F6B0FB094C6CF35A9D4D70B02ED799B5BB98048525B61080473D66A2
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: yandex.ru
Sending IP: 95.211.208.58
From: 高楠 Export Department<ac.general@yandex.ru>
Subject: paid PO
Attachment: PO copy.pdf.z (contains "PO copy.pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 09:30:09 UTC
File Type:
Binary (Archive)
Extracted files:
14
AV detection:
14 of 31 (45.16%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=o7lcffvmmsuev7qu2jerg72pmym6h7j26srppxxomi4bq4gvogtq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 77d62296ac64a84afe14d249137f4f6619e3fd3af4a2f7deee62381870d571a7

(this sample)

AgentTesla

Executable exe 587201350f1607e78ccfc8809dd7c8646ddd44ec4db8933b998043b9fba5bf72

  
Dropping
MD5 17e5090f4c1b716962b6272701096775
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 587201350f1607e78ccfc8809dd7c8646ddd44ec4db8933b998043b9fba5bf72

Comments