MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a7d596f3e0ad4965d39552998f6eccffb7aa7533a1ff3c2614936864509c9a62. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: a7d596f3e0ad4965d39552998f6eccffb7aa7533a1ff3c2614936864509c9a62
SHA3-384 hash: ca4cca27f98dc50eeb1b0f8267166854239698154403a9c579a2d600b82f4faa4e1531622812ecf9acfba6493a1e86fd
SHA1 hash: 2535df154d5d3750d57b956d21bd51b7c1fa9e70
MD5 hash: 6fc35c164f2b604586e90feea0303a44
humanhash: lamp-hotel-carbon-salami
File name: NEW RFQ.zip
Signature: AgentTesla
File size: 607'442 bytes
First seen: 2020-07-31 12:08:43 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:XtHCKkN+Lb2yTbPi1Uy0Rt+CnVfiD2NU2eve9xMzEZdmtid2aifx:mN624bhkaVfi6NqdYdmkkaifx
TLSH: 14D423FF6DB49FE35DD1E5E2C1B1FCB0321A8AB02C712E6E312451C96C239B1689661D
Reporter: @abuse_ch
Tags: AgentTesla zip


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: vps.confidencegroup.co
Sending IP: 162.144.54.78
From: Judy Lee <hk@jiballoubnan.com>
Subject: NEW RFQ
Attachment: NEW RFQ.zip (contains "NEW RFQ.exe")

AgentTesla SMTP exfil server:
mail.flsrnidth.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 33
Origin country: US

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-31 12:10:10 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Threat name: Malicious File
Score: 0.81

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam          AgentTesla   zip a7d596f3e0ad4965d39552998f6eccffb7aa7533a1ff3c2614936864509c9a62 (this sample)
Dropping         AgentTesla
Delivery method  Distributed via e-mail attachment
