MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7c430be4b0366277d263de337dcbf63c2a60dd8789394c4e397ef4ee07298c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c7c430be4b0366277d263de337dcbf63c2a60dd8789394c4e397ef4ee07298c8
SHA3-384 hash: 9eb7945ee09409ffeb247a95df2fd46094265c4b8091db6ccee2d5cf665db67db608e7767650ac935a73eff2eb28e730
SHA1 hash: a3fbb1af55936b6a81fd6563c15a6c2f4cd4f917
MD5 hash: ddea9395d88b06779ebb4b8833d91ad6
humanhash: mars-potato-artist-blossom
File name:PO72920.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:490'115 bytes
First seen:2020-07-29 11:11:36 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:KbJfFN2DutJbhOVnFVCke4EM3fZkhnl9xEpV9OXj/hiKlk4cr8qi2Ix4R1ftrjFZ:4MamXqlxErMzJKgMPtPN+U2Lpsdv
TLSH EEA42320490F4F69B65604D661D786F57FF62B3B62B8D21A83831246E5CE2C18AC63F3
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: slot0.wauioa.ga
Sending IP: 86.104.194.117
From: Elizabeth Alessandra <sale@wauioa.ga>
Subject: PO72920 For Wauioa
Attachment: PO72920.zip (contains "PO72920.exe")

AgentTesla SMTP exfil server:
mail.thepackaging.com:26

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c7c430be4b0366277d263de337dcbf63c2a60dd8789394c4e397ef4ee07298c8/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-29 11:13:08 UTC
AV detection:
27 of 48 (56.25%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=y7cdbpslantco7jghxrtpxf7mpbkmdoypcjzjrhds7xu5ydstdea._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c7c430be4b0366277d263de337dcbf63c2a60dd8789394c4e397ef4ee07298c8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip c7c430be4b0366277d263de337dcbf63c2a60dd8789394c4e397ef4ee07298c8

(this sample)

AgentTesla

Executable exe 0650a30b2e54bc824ad7c986606f98d127e11dc0f401ad6465deb77e1ffb3f01

  
Dropping
MD5 abf6f24a40058211647e062264c085cf
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0650a30b2e54bc824ad7c986606f98d127e11dc0f401ad6465deb77e1ffb3f01

Comments