MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83123d0bed5256b973f26a8a4726432e07a65500dfe440500c91f42a4871bb98. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 83123d0bed5256b973f26a8a4726432e07a65500dfe440500c91f42a4871bb98
SHA3-384 hash: 84c7f20e7a9ab9bea04efc9860755b97c3d2567a49560aae929143586c97ab2072eafae233294b791d1cdddbd5327df9
SHA1 hash: 23ae630455b75bdb8d1e960d25ac26811e266cb4
MD5 hash: 9a134bc9d0f9a1ad81a6129f05ba7152
humanhash: winter-july-three-happy
File name:P.O28637836688666PDF.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:388'059 bytes
First seen:2020-05-28 06:19:16 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:f5P3THtdA8vZJt09ShlZDaeqOEtXpK81VccJlk5Nyd7lWJsnrMCug3KU92m:f53LHXJh7COEtXRScJe5NzMMnga+
TLSH 7F8423C107A7AF93D176B5E1366562A69E41FCF80B0448035679A2F1BF5E73E28D43E0
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gmail.com
Sending IP: 103.141.136.180
From: Coreynava<coreynava52@gmail.com>
Reply-To: coreynava52@gmail.com
Subject: PRODUCT ENQUIRIES/COMPANY BUSINESS TERMS.
Attachment: P.O28637836688666PDF.zip (contains "P.O#28637836688666PDF.exe")

AgentTesla SMTP exfil server:
mail.sridurgaagros.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 06:36:56 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
19 of 48 (39.58%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 83123d0bed5256b973f26a8a4726432e07a65500dfe440500c91f42a4871bb98

(this sample)

AgentTesla

Executable exe 80c9f2d42f2d764f2551b86d87bdce160ce2cadde507f214a2a01f16ec76bdef

  
Dropping
MD5 4aa02ec4cfbf571b539155ca887c29d0
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 80c9f2d42f2d764f2551b86d87bdce160ce2cadde507f214a2a01f16ec76bdef

Comments