MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a36483b99b75cb092bcda8aef6a93794886a3d3ed63a6cdb43bd6a45f5758424. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: a36483b99b75cb092bcda8aef6a93794886a3d3ed63a6cdb43bd6a45f5758424
SHA3-384 hash: 0de78694180963cd3047644352349f78010fb84f248124480064311d780aab01156e8813595dcbafca3a7f2ae96d75a9
SHA1 hash: 8a716e155b139a2b9d15c2e5b9742cf84334b0a8
MD5 hash: cfaf375547bd4ebf735a9688057706d5
humanhash: speaker-burger-robert-washington
File name: Original Shipping Documents.zip
Signature: AgentTesla
File size: 634'292 bytes
First seen: 2020-07-31 10:17:15 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:dJROjYXnCezlMFotVzKZiegS4U4EBWD+Ao5U0iqOvJI:FOkXnLzlniA7f5EED+t5U0NH
TLSH: 9DD423868943AE6ACDD5C673E0BA3E27FC186B04A60D9CD41CC35352FC4A9F6ED8546C
Reporter: @abuse_ch
Tags: AgentTesla, zip


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: luplastic.com.br
Sending IP: 95.211.253.201
From: Richard <vendas@luplastic.com.br>
Subject: Original Copies of Shipping Documents
Attachment: Original Shipping Documents.zip (contains "Original Shipping Documents.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 29
Origin country: US

Mail intelligence
Geo location: Global, Volume: High
Geo location: NL (Netherlands), Volume: Low

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-30 20:41:14 UTC
AV detection: 20 of 31 (64.52%)

Threat level: 5/5

Threat name: AgentTesla
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip a36483b99b75cb092bcda8aef6a93794886a3d3ed63a6cdb43bd6a45f5758424 (this sample)
    Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
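The @abuse_ch post above describes the lure layout (a zip attachment wrapping a single .exe) and the File information table records delivery by e-mail attachment. As an added example, not code from MalwareBazaar or abuse.ch, here is a small Python triage routine for that attachment type: it statically inspects a zip without extracting to disk or running anything, flags members with executable extensions or a PE (MZ) header hiding under a document-like name, and hashes the archive so the SHA256 can be compared with the hash on this entry. The archives it runs against are constructed in memory (an MZ header plus padding stands in for the real dropper); the extension list, the `triage_zip`/`build_zip` names and the "suspicious"/"clean" verdicts are assumptions of this example, not MalwareBazaar fields.

```python
import hashlib
import io
import zipfile

# SHA256 of the real archive, copied from the MalwareBazaar entry above.
KNOWN_SHA256 = "a36483b99b75cb092bcda8aef6a93794886a3d3ed63a6cdb43bd6a45f5758424"

# Extensions Windows runs directly or hands to a script host (assumed list).
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".dll", ".cpl",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".bat", ".cmd", ".ps1",
}
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # refuse to inflate anything larger (zip-bomb guard)


def archive_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the archive itself, for lookup against a MalwareBazaar entry."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def extension_of(name: str) -> str:
    """Lower-cased final extension of a member name, ignoring any directory part."""
    base = name.rsplit("/", 1)[-1]
    return ("." + base.rsplit(".", 1)[1]).lower() if "." in base else ""


def triage_zip(data: bytes) -> dict:
    """Static look at a zip attachment: nothing is written to disk or executed."""
    members = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name, ext, reasons = info.filename, extension_of(info.filename), []
            if info.file_size > MAX_MEMBER_BYTES:
                members.append({"name": name, "size": info.file_size,
                                "sha256": None, "reasons": ["oversized member, not inflated"]})
                continue
            with zf.open(info) as fh:
                content = fh.read()
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append(f"executable extension {ext}")
            if content[:2] == b"MZ":
                # PE magic; flag it even when the name pretends to be a document
                if ext in EXECUTABLE_EXTENSIONS:
                    reasons.append("MZ header")
                else:
                    reasons.append(f"MZ header disguised as {ext or 'no extension'}")
            if ext in EXECUTABLE_EXTENSIONS and name.rsplit("/", 1)[-1].count(".") >= 2:
                reasons.append("double extension")
            members.append({"name": name, "size": info.file_size,
                            "sha256": hashlib.sha256(content).hexdigest(),
                            "reasons": reasons})
    hashes = archive_hashes(data)
    return {
        "hashes": hashes,
        "known_sample": hashes["sha256"] == KNOWN_SHA256,
        "members": members,
        "verdict": "suspicious" if any(m["reasons"] for m in members) else "clean",
    }


def build_zip(files: dict) -> bytes:
    """Constructed test input: an in-memory zip, not the real sample from this entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Same layout the post describes: one archive, one .exe inside. The "executable"
# here is an MZ header plus padding, constructed for this example.
LURE_ZIP = build_zip({"Original Shipping Documents.exe": b"MZ" + b"\x00" * 62})
# A PE renamed to look like a document: the name is clean, the magic is not.
DISGUISED_ZIP = build_zip({"Shipping Documents.pdf": b"MZ" + b"\x00" * 62})
# A genuine document for comparison.
BENIGN_ZIP = build_zip({"Shipping Documents.pdf": b"%PDF-1.4\n%%EOF\n"})

if __name__ == "__main__":
    for label, blob in (("lure", LURE_ZIP), ("disguised", DISGUISED_ZIP), ("benign", BENIGN_ZIP)):
        result = triage_zip(blob)
        print(label, result["verdict"], "known_sample=%s" % result["known_sample"])
        for m in result["members"]:
            print("  ", m["name"], m["reasons"])
```

On the real attachment, `known_sample` would be true only for the exact archive bytes on this entry; a re-packed or re-sent lure gets a different archive hash, which is why the per-member SHA256 of the inner .exe is also recorded and worth looking up separately. The MZ check is what catches the renamed-executable case that an extension-only mail filter misses.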

Comments