MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d22ccf0e5c5662dd86203cde0a3e9b2fbfca178f7853fad379283b6f0a039faf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d22ccf0e5c5662dd86203cde0a3e9b2fbfca178f7853fad379283b6f0a039faf
SHA3-384 hash: 39c46bfd90dda30f96c97ba67ef45cfec72800ed38a7f9fc18cd00a7b5ec2533706307e032636647ae09188efcf76ce6
SHA1 hash: 00b05c3c80c2562eeb3c1b41ed64623cbe9f9453
MD5 hash: 3d0e1c2c0e6fa4372a4c8e31bbad6b6d
humanhash: mike-shade-violet-eighteen
File name:NEW PO 2.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:468'411 bytes
First seen:2020-05-07 11:04:01 UTC
Last seen:2020-05-09 21:23:07 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:bJdXmtmFrZHJxTqK96cCkHFozSioYjdLVv+0n:bbCmPrrT7uzTdLxBn
TLSH 65A42334D097C9411CDC1B6E36EF0E171213A46442FECEC90646DA1EF8EA5BDB96D82A
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: wss-international.com
Sending IP: 103.99.1.174
From: info@wss-international.com
Subject: info<info@wss-international.com>
Attachment: NEW PO 2.zip (contains "opo (1).exe")

AgentTesla SMTP exfil server:
mail.cpworldindia.com:587

Intelligence

File Origin
# of uploads :
3
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VUF.28115.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-07 10:44:26 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2iwm6ds4kzrn3brahtpaupu3f674uf4ppbj7vu3zfa5w6cqdt6xq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip d22ccf0e5c5662dd86203cde0a3e9b2fbfca178f7853fad379283b6f0a039faf

(this sample)

AgentTesla

Executable exe f35fa2a6281a2a24016729d315083a638edf176a890a605dba2ac134e1733bb3

  
Dropping
MD5 6f366f6932afabce27a09613f221fe7d
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f35fa2a6281a2a24016729d315083a638edf176a890a605dba2ac134e1733bb3

Comments