MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c84ca1a2a1feef70f2cc11c45cfffa891597780ab6fa968ab5cbe261e959809d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: c84ca1a2a1feef70f2cc11c45cfffa891597780ab6fa968ab5cbe261e959809d
SHA3-384 hash: 4080239fda3a9feedca195c7782943bf3aa3b273c40b5a6bc72417fc888f10c33550197c176296e038df03815c7f1e89
SHA1 hash: 8e2961beda7beae962e4b130ad40346a5b506721
MD5 hash: 924ddee2aa1ca8f35c8ba2b6b4388e5f
humanhash: five-eight-nuts-friend
File name: Maxima Trading - Products List.z
Signature: AgentTesla
File size: 497'562 bytes
First seen: 2020-05-26 08:16:08 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 12288:EoR3Cyrc3oni5II/9JWIPFKHLbZ9mqlNVNPQy2:Ew30Yni5IO9MINKHLbtf4y2
TLSH: ECB4236A96BD0216380CD4BC88D6BF3E5C24F5C0F4D2996C30B35E94852BEDA27AD95C
Reporter: abuse_ch
Tags: AgentTesla, z


abuse_ch
Malspam distributing AgentTesla:

HELO: delivery.mailspamprotection.com
Sending IP: 146.66.121.68
From: Maxima Trading Limited <eric.maxima@aliyun.com>
Subject: Maxima Trading - Request For Quotation 3200-RS232 [CS-645398-H1H1Y3]
Attachment: Maxima Trading - Products List.z (contains "Maxima Trading - Products List.exe")

AgentTesla SMTP exfil server:
smtp.mail.ru:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-26 08:37:09 UTC
File Type: Binary (Archive)
Extracted files: 25
AV detection: 8 of 48 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
AgentTesla
z c84ca1a2a1feef70f2cc11c45cfffa891597780ab6fa968ab5cbe261e959809d (this sample)
Dropping AgentTesla
Delivery method: Distributed via e-mail attachment
