MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 890e7d699e8a1a3d23ca52be7a067e64dc9596b320671dee233c2f6944274b22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 890e7d699e8a1a3d23ca52be7a067e64dc9596b320671dee233c2f6944274b22
SHA3-384 hash: 6ce3eebc430eea46eda887d23e8adc0f8701506bf86cad4eddfa5417953d13f5e4ab2863ed00e9e81f23aa6298fff1aa
SHA1 hash: 473edec1c6fd359d410b02960ba05f0bbd585cb1
MD5 hash: a275a0643db1aaa042834e19d65d779f
humanhash: nuts-india-table-georgia
File name: CNT-CNT-0421197623456789_________________________________.zip
Signature: AgentTesla
File size: 477'985 bytes
First seen: 2020-06-03 11:24:26 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:hPG3dg75J3Qb674E4oxJ+rLSOltkfhyJbNqTubErEGmzxqTk3LbKQxwJ7MdhnVAQ:uwna67fvJf4JqTMErLmzxx6ywGddmQ
TLSH: BFA423C9E151060DD6EF4D9E29A8969125E4D7A2F387F983D928329BDB303CCF0357A4
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: vps.0apil.com
Sending IP: 45.95.169.74
From: Gizem Dursunlar <gdursunlar@fontegroup.com.tr>
Subject: RE: 50% Prepayment Done! // CNT-0421/19 // Shipper: M.I.G. Srl // Cnee: Connect (Alagoas) // Notify: Vulcan Envelopes
Attachment: CNT-CNT-0421197623456789_________________________________.zip (contains "CNT-CNT-0421197623456789.exe")

AgentTesla SMTP exfil server:
smtp.shakurjay.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-03 11:37:49 UTC
File Type: Binary (Archive)
Extracted files: 14
AV detection: 21 of 48 (43.75%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 890e7d699e8a1a3d23ca52be7a067e64dc9596b320671dee233c2f6944274b22 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
