MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc1116fc1c9e7e720bbc4c4053206331dfa2a0613b4cbbcc1e5198bfca6f53a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: cc1116fc1c9e7e720bbc4c4053206331dfa2a0613b4cbbcc1e5198bfca6f53a3
SHA3-384 hash: 18a795567c1813a1c6c0ae3574202de0ded3e9af477e3d3e62bca3075a082a83baff3e8b8b7a38772c7adaba69530529
SHA1 hash: bb72c9f203f8098f6833f93c97c96eec2c2d1af2
MD5 hash: ea98228be192d451db9d387ceca27aa0
humanhash: river-nevada-romeo-eleven
File name: Agency appoinment letter MT.Sinar MalukuV.0420.rar
Signature: AgentTesla
File size: 436'486 bytes
First seen: 2020-05-25 09:17:24 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:bgZnq/+jxv/ILm8LKnZTqqM6trmRvBrmh17tzc7Ok:OxoLm6g+orOCA
TLSH: 839423159B86A9426CBAEBE9530D22961DB0783B636F3C006531DFBFD41BA64C4467C3
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing AgentTesla:

HELO: mail0.502.drienimeoni.casa
Sending IP: 161.35.29.233
From: Glory Shipping Marine Co., Ltd <akhaltsikhe@sharm.ge>
Reply-To: thomas.wright2005@gmail.com
Subject: Agency appoinment letter MT.Sinar Maluku V.04/20
Attachment: Agency appoinment letter MT.Sinar Maluku V.0420.rar (contains "Agency appoinment letter MT.Sinar Maluku V.0420.exe")

AgentTesla SMTP exfil server:
mail.gopaldasvisram.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-25 02:31:11 UTC
File Type: Binary (Archive)
Extracted files: 26
AV detection: 17 of 31 (54.84%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar cc1116fc1c9e7e720bbc4c4053206331dfa2a0613b4cbbcc1e5198bfca6f53a3

(this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
