MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1360fdebad0b87c573f6791857d3d10ae393bbdb427a97eb042197910a9b139. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c1360fdebad0b87c573f6791857d3d10ae393bbdb427a97eb042197910a9b139
SHA3-384 hash: a37e03ddde2e2467cb3421385820a7a5b989a20927f0fe33754fc46ba9b8756895714f4d8facde0b820cab4902363a7d
SHA1 hash: 3e49c2490e0f22e6e0ac5e24e71d64f6929b5a46
MD5 hash: 7e5d3d86760953a5089f136834f958d8
humanhash: mexico-football-golf-oklahoma
File name:quotation for machinery.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:633'868 bytes
First seen:2020-06-05 06:03:54 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:tVhqltJRg4ScYETSnd0HY1aQrnl9p+8rHucCEy1EFOuGVtTom:twJRg4ScSndU6NbZucxyiw5om
TLSH 79D423EFF6490CCE97C93B7D010E4CEE2F9189624674B761082F9A964D036BE5B25F12
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: smtp11.webkur.net
Sending IP: 185.136.84.68
From: MTK Teknik Kaplama AŞ. <info@mtkteknikkaplama.com.tr>
Subject: Payment for Invoice
Attachment: quotation for machinery.zip (contains "quotation for machinery.exe")

AgentTesla SMTP exfil server:
mail.flsrnidth.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-05 06:36:44 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ye3a7xv22c4hyvz7m6iyk7j5ccxdso55wqt2s7vqiimxsefjwe4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip c1360fdebad0b87c573f6791857d3d10ae393bbdb427a97eb042197910a9b139

(this sample)

AgentTesla

Executable exe 05adee1671fe675b89fe95af7406d6ea0d97da1f101868bf2fbb905389ed7037

  
Dropping
MD5 fc662a4889f66f5b7468bcf0e8b666a8
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 05adee1671fe675b89fe95af7406d6ea0d97da1f101868bf2fbb905389ed7037

Comments