MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 910ecf3640d41c346a662f73d2e695e3a4331d9e910fcfc5838587239895018d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 910ecf3640d41c346a662f73d2e695e3a4331d9e910fcfc5838587239895018d
SHA3-384 hash: a4fb521a9902e76a8f2d107c132f7e4245afd1ac25d26a522cf7d5177def82f8f7990c3c37f4ba3d43e87b175bb6f5e9
SHA1 hash: 57438d495f691a7b3a89e7f2b4b381ffe7a64133
MD5 hash: 4617de809b9bb837eaa6283518e2e066
humanhash: ten-batman-magnesium-cat
File name:20200603_PO_97890_EXPORTFCLpdf.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:406'906 bytes
First seen:2020-06-03 09:04:22 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:5WMPNu29qVCSESgq1WGhFk9I1sJYHZBp1mU/NW3D:PN7WyW1PFke1sJuvrmQNW3D
TLSH 0284231AED85B29F8317C691D12C57E4FFCF07520FD5B106808D8A8CA8858EF3EA5A46
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: plesk5.etllao.com
Sending IP: 202.62.107.252
From: Anisa ucl swift <kdps@e-kdps.com>
Subject: [NEW SHIPMENT] Export Order PO 97890 / 2x45 HC Container
Attachment: 20200603_PO_97890_EXPORTFCLpdf.zip (contains "20200603_PO_97890_EXPORTFCLpdf.exe")

AgentTesla SMTP exfil server:
mail.sesan.com.vn:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
55
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 04:29:30 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sehm6nsa2qodi2tgf5z5fzuv4osdghm6seh47rmdqwdshgevaggq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 910ecf3640d41c346a662f73d2e695e3a4331d9e910fcfc5838587239895018d

(this sample)

AgentTesla

Executable exe c34a5fb5cb1ee666b5a59c8fd67368b2b3f826b3b8ed19e597dc8beb91416c52

  
Dropping
MD5 73eff0ef28208f340480056565e52406
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c34a5fb5cb1ee666b5a59c8fd67368b2b3f826b3b8ed19e597dc8beb91416c52

Comments