MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 89352a8608dc6df3034d4e4a4ffaf43ad12ddc8c475ea74c390aa0186b2d0188. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 89352a8608dc6df3034d4e4a4ffaf43ad12ddc8c475ea74c390aa0186b2d0188
SHA3-384 hash: 7ba365393e42769f5f89017215386185ec65489eabe8aa330c49d0e8817e9bb953577488a9a7d3367cde1f55e5c379e5
SHA1 hash: d25b354a03e95b78b4cff8b7f51cab206cab7c40
MD5 hash: 70e23c74d814b298d8d2a1555dd14e95
humanhash: harry-delaware-hot-fillet
File name:_Invoice MV2063576.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:530'539 bytes
First seen:2020-05-05 11:07:55 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:ZStvyRuUJg07OVGkwd2FPhHDyu4c5FnDgEEUpp:ZLplD4VhjymJDgE5D
TLSH 79B423F310C208B8F74F8A0B483199A596452B601AFC63CD66D2D437575EFCE5EA4BAC
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: vps.grupoescala.com
Sending IP: 82.223.18.162
From: E-billing <noreply@baseonline.co.uk>
Subject: Electronic billing operation 894161/5/5/2020
Attachment: _Invoice MV2063576.gz (contains "gunzipped")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.EJWW.8935.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 11:37:06 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
18 of 48 (37.50%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=re2svbqi3rw7ga2njzfe76xuhlis3xemi5pkotbzbkqbq2znagea._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 89352a8608dc6df3034d4e4a4ffaf43ad12ddc8c475ea74c390aa0186b2d0188

(this sample)

AgentTesla

Executable exe 3845a8f1b22212dbb08c6a9c95c3cc765a2d9676dbe367acf2c24f845b264bf6

  
Dropping
MD5 8ee650d9c83e5e105e523e1431cd6d58
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3845a8f1b22212dbb08c6a9c95c3cc765a2d9676dbe367acf2c24f845b264bf6

Comments