MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aec3843d801e79d39f4de41efc5cf181e4c8d8b5c89aaf6f34691c91783f4c4d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aec3843d801e79d39f4de41efc5cf181e4c8d8b5c89aaf6f34691c91783f4c4d
SHA3-384 hash: e19fa6f152d7be8c1e4b130877ea0de7dcd0cbf5a96177acdf7a068474c8134be357703e88fb96ace3b955a77a76ebb1
SHA1 hash: 21d5f968cfa95fcbcedfceb6f9160e563a444df8
MD5 hash: ad21677c8c90197bad0d91df2569b58a
humanhash: timing-wisconsin-stairway-music
File name:FB_IMG_1589813569921.DWG.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:823'203 bytes
First seen:2020-06-03 08:40:57 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 24576:wwNM6PcB1MLeN5y0awMYrZ6k79BrhihSTODwW:vN+MA5lkYxXhigTOkW
TLSH 750523019330CD6D36EBF9487B964DBB99E4974509D0FA03B302F83B15B59DCA3D186A
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: cntcc.cn
Sending IP: 23.106.215.138
From: Duan Xiao-long (Mr.) Procurement Department <duanxiaol@cntcc.cn>
Subject: Inquiry 19003
Attachment: FB_IMG_1589813569921.DWG.z (contains "Image_4483720200602121810.dwg.bat")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 13:44:28 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=v3byipmadz45hh2n4qppyxhrqhsmrwfvzcnk63zuneojc6b7jrgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z aec3843d801e79d39f4de41efc5cf181e4c8d8b5c89aaf6f34691c91783f4c4d

(this sample)

AgentTesla

Executable exe 94fcc8c7fd53c5463c0d33d1f74b5c7c8c0ae95ef097477958acb9df1ae5a15e

  
Dropping
MD5 7884dd119ad804eed0914a1589bce1f6
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 94fcc8c7fd53c5463c0d33d1f74b5c7c8c0ae95ef097477958acb9df1ae5a15e

Comments