MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1a74e153ba7d52343580fe1226421dde954f710aedc9c2500379eb95c489b0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b1a74e153ba7d52343580fe1226421dde954f710aedc9c2500379eb95c489b0e
SHA3-384 hash: 5f8439bfe5b8819f3b5c9e8d16bae4af0ccdccdcc5e5ad58770f21435f1dcd867eacbae69b1a1e6f7e7ddcef6e083882
SHA1 hash: d6f0934a2c0fa5c16d641919dedb043636652703
MD5 hash: 2782c28f7fa2a2d9b29876f91e5d854e
humanhash: coffee-freddie-monkey-monkey
File name:PS-AVP2-20209.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:442'220 bytes
First seen:2020-05-26 11:17:43 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:ikgja7zaqD4AGXnn0fNZr1okjLcG0/vO1QYP/A79KQE:hgjyrQXnULokjyHRYQJ+
TLSH 8F9423A5CFE508E4B14F8C00F861F92929E5D2B6C87098CBE775E4C98E7173981B8D5E
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: vps.fortvitta.com.br
Sending IP: 162.241.47.204
From: Jessy Merle
Subject: Re: Request for Quotation_PR#PS-AVP2-202098
Attachment: PS-AVP2-20209.zip (contains "PS-AVP2-20209.exe")

AgentTesla SMTP exfil server:
mail.menawealthventures.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 11:37:09 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
24 of 48 (50.00%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip b1a74e153ba7d52343580fe1226421dde954f710aedc9c2500379eb95c489b0e

(this sample)

AgentTesla

Executable exe d3657e0ec23750b846859a79a9999e813167292ebba01f6e7b037d9818d20deb

  
Dropping
MD5 c215975217c9e0ffb9bdb33dc23e2694
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d3657e0ec23750b846859a79a9999e813167292ebba01f6e7b037d9818d20deb

Comments