MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bde715addadd62560ea5b5f962b73139e1f29029c60dd46e38b5bc297b82686a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bde715addadd62560ea5b5f962b73139e1f29029c60dd46e38b5bc297b82686a
SHA3-384 hash: d6d4cb4961e2cc38bbb798b2e8b1d7f435685171e4414b0c61dbf3e41812b9dab68d555bfbb424343ad8fbb309af7cb6
SHA1 hash: be4f1fc8b01d97ac0d2837890ea3b192650566a8
MD5 hash: 351d4919ceea779760ce4f9097452e92
humanhash: speaker-edward-tennessee-twenty
File name:pro-forma inv.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:402'152 bytes
First seen:2020-06-10 07:23:17 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:WzDXQObhRV6skZzP9eYuhP9Vi8xVxabD8WspNS2y3kkEXuYzkKwqoZY6XpcDiEMp:K03sSEri8xSbDo830+MkKwq56WiETc6e
TLSH 0B84232D784F58A6F9EC443F54121FFEE6BD4794A6C049E630AC5A8F270A279D3F0902
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: samisec.com
Sending IP: 172.93.189.91
From: accounting<sav@samisec.com>
Reply-To: accounting<s.nsa41@hotmail.com>
Subject: Re: pro-forma inv
Attachment: pro-forma inv.zip (contains "pro-forma inv.exe")

AgentTesla SMTP exfil server:
business41.web-hosting.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 07:25:04 UTC
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xxtrllo23vrfmdvfwx4wfnzrhhq7febjyyg5i3ryww6cs64cnbva._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip bde715addadd62560ea5b5f962b73139e1f29029c60dd46e38b5bc297b82686a

(this sample)

AgentTesla

Executable exe 97c3cf905c068daf00bbc9c10810ff4437d953c3263e962b0454d0babcfe5494

  
Dropping
MD5 1d014825fb5bc0e5373888b031b12362
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 97c3cf905c068daf00bbc9c10810ff4437d953c3263e962b0454d0babcfe5494

Comments