MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c42e4f99dcc55d9679905b627e0da219c454daa7223bcf5e3a47590b45ac69c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c42e4f99dcc55d9679905b627e0da219c454daa7223bcf5e3a47590b45ac69c9
SHA3-384 hash: c7343a0347bbedb0719d212f7af2de86272feb462fb192ed0fdd91737b1cb24f6ea77e478408613f049a14ad58eb658a
SHA1 hash: 63b12166db6188c95bebc74ba012c6c7816c269a
MD5 hash: 292176e6dacfbf33b686326b191bd767
humanhash: video-blue-ink-iowa
File name:INQUIRY - 1.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:462'902 bytes
First seen:2020-07-29 05:22:08 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:GXc9D+cYWxBfXbeV2u7cRtQlNWK0B2zl6h7UxF:7TrDfW2ucOiB6RF
TLSH FAA423B1282D6D8D456D8626FE35FA9D01EA358CA3D01088B00EFF5B41F339464DEE6E
Reporter abuse_ch
Tags:AgentTesla Endurance gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: qproxy2.mail.unifiedlayer.com
Sending IP: 69.89.16.161
From: Andy Yasuhiko Yoneda <yoneda.yasuhiko@yoneda-shoten.co.jp>
Subject: INQUIRY
Attachment: INQUIRY - 1.gz (contains "INQUIRY - 1.exe")

AgentTesla SMTP exfil server:
mail.eidtravel.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c42e4f99dcc55d9679905b627e0da219c454daa7223bcf5e3a47590b45ac69c9/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-29 05:24:07 UTC
AV detection:
22 of 47 (46.81%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yqxe7go4yvozm6mqlnrh4dncdhcfjwvhei546xr2i5mqwrnmnheq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Eldorado
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/c42e4f99dcc55d9679905b627e0da219c454daa7223bcf5e3a47590b45ac69c9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz c42e4f99dcc55d9679905b627e0da219c454daa7223bcf5e3a47590b45ac69c9

(this sample)

AgentTesla

Executable exe 245dab3947c242814248eb6b3fa73560d4082082fc536f9d042c7f41ea99e9c4

  
Dropping
MD5 1eb47fc33521f1d2048f1f711c2d397e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 245dab3947c242814248eb6b3fa73560d4082082fc536f9d042c7f41ea99e9c4

Comments