MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c662b09c000ef9a26cf34dbe2365b97a6700fbbccf4c57a4122b790e8af38592. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c662b09c000ef9a26cf34dbe2365b97a6700fbbccf4c57a4122b790e8af38592
SHA3-384 hash: abd272978fa7948b01622bd49767af454baf6f0d0bb9e1f005ef727fb3354f70d045a9ffc7e57c80f92b9b6779a6a3c2
SHA1 hash: e575ac0c381e48ea0066530c86aadadee6dd24d1
MD5 hash: 4661bb19fcd67245703935dcf285165b
humanhash: texas-utah-friend-cardinal
File name:Swift-Copy.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:483'043 bytes
First seen:2020-07-29 11:17:11 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:RV/FUEztLMRPVFpJhb95CP7Qa4V4tWNF93AVq5dFASxEDBW7Tn+LRW:R9F1RgRPVLJl9uI/NF93AVq5DHaBz0
TLSH D2A4233E9E39466392CC782A180886A9D639EE4B5E9418BD8FCF63023BCD5925D40F75
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: nczoli.com
Sending IP: 45.137.22.48
From: Jack Garem<export02@nczoli.com>
Subject: Balance/Final Payment of usd$149,650 Completed
Attachment: Swift-Copy.zip (contains "Swift-Copy.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c662b09c000ef9a26cf34dbe2365b97a6700fbbccf4c57a4122b790e8af38592/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-29 11:19:05 UTC
AV detection:
27 of 48 (56.25%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yzrlbhaab342e3htjw7cgznzpjtqb654z5gfpjasfn4q5cxtqwja._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c662b09c000ef9a26cf34dbe2365b97a6700fbbccf4c57a4122b790e8af38592

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip c662b09c000ef9a26cf34dbe2365b97a6700fbbccf4c57a4122b790e8af38592

(this sample)

AgentTesla

Executable exe 344c77c1b4e37bbec58a85aaf54518edf921d9a12dfcb2c5e4a07eb75d7201f6

  
Dropping
MD5 aeb803e9265de80e47be95a0a085c171
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 344c77c1b4e37bbec58a85aaf54518edf921d9a12dfcb2c5e4a07eb75d7201f6

Comments