MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b987b5d2bc3a976e8a29f076ce2516b0af2ed7088944cec666d935982b12728e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b987b5d2bc3a976e8a29f076ce2516b0af2ed7088944cec666d935982b12728e
SHA3-384 hash: deb9326f99c74094a3131306dd6c391fc605288247b50b4a8972d07433ff4287897e5c5e16804ae596e354bef9739888
SHA1 hash: f8678cee0b81633702a48bdf3930a92115c0f827
MD5 hash: 77ec41d6f19f46a90d3ac011b1fd2949
humanhash: chicken-item-nine-sweet
File name:Maxell_Asia Pte. Ltd - RFQ_MAP2020.doc.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:423'086 bytes
First seen:2020-04-29 18:46:11 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:KCOqIqQQQEdJ6r+zFMxlvNYPXoeKQtyRiFHM5CTY1:KXQQfQolm/oeLty8Fs5Cc
TLSH E094231F1E25CF3B48E0ABB1616618791699D3FEF82E0C47C2DE6C82E0D09A7A1DC4D5
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: cpb2.medionline.cl
Sending IP: 45.55.49.33
From: Maxell Asia Pte. Ltd. <sales@maxell.com.sg>
Subject: Maxell Asia Pte. Ltd - Request for Quotation(MAP#2020)
Attachment: Maxell_Asia Pte. Ltd - RFQ_MAP2020.doc.z (contains "Maxell_Asia Pte. Ltd - RFQ_MAP#2020.doc.bat")

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 19:36:05 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
27 of 48 (56.25%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xgd3luv4hklw5crj6b3m4jiwwcxs5vyirfcm5rtg3e2zqkysokha._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z b987b5d2bc3a976e8a29f076ce2516b0af2ed7088944cec666d935982b12728e

(this sample)

AgentTesla

Executable exe 69477d03d335e9dc9f9de2e656d8ef11d8111ca35fbc37008a3e2082efbf5af2

  
Dropping
MD5 29774f79c52a4643f19709ecb6c52f43
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 69477d03d335e9dc9f9de2e656d8ef11d8111ca35fbc37008a3e2082efbf5af2

Comments