MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4f5e000d6182c29149e9c6d5bc2fee42543c3971db9f4c8dc353d6594455fa6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 4

SHA256 hash: a4f5e000d6182c29149e9c6d5bc2fee42543c3971db9f4c8dc353d6594455fa6
SHA3-384 hash: 9e0042253baf4c8bb5e7dd67903bba42130758914cf6f727d99ccc546305dc2152094e4f3693b05dc3750c1613be942f
SHA1 hash: 7ab06c4e8b15bc2c6d6fd9d8414a2b135ebc67dc
MD5 hash: 0d1dedb62312754d9ae601664c41b09d
humanhash: lion-wisconsin-oxygen-network
File name: Transfer slip.zip
Signature: AgentTesla
File size: 485'430 bytes
First seen: 2020-08-05 09:26:27 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:KSl5Rq85zJ5QqruCPBLCDleGHwXrOb2b5su64mr9MdpbaO5AqVU:1k85zJ5rRQZLQbObU52nCdpD5hVU
TLSH: 28A4238548DE697724D467FDA282641F735E21989C3B88FA40097EDF28522F37E3D0A8
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: scmt.gov.iq
Sending IP: 37.48.85.227
From: insurance <insurance@scmt.gov.iq>
Subject: Payment Transfer slip
Attachment: Transfer slip.zip (contains "Transfer slip.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-05 09:28:07 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    zip a4f5e000d6182c29149e9c6d5bc2fee42543c3971db9f4c8dc353d6594455fa6 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments