MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d8be2c2928299465a0bbb04c66acca713a6d52f1c11dda8318482f37acf99f5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d8be2c2928299465a0bbb04c66acca713a6d52f1c11dda8318482f37acf99f5f
SHA3-384 hash: 9d6118e9f2b44b0b2fd061aae631434f7744cb0e1d5f6b5cbf2b162f09e744e9379e4bf42665f64409578d219e26f100
SHA1 hash: c7cbc193d0268896e4065c55ddcb477551a8c9fe
MD5 hash: 2771424e883bf1ac96e1bc4c777e9e19
humanhash: moon-music-kilo-texas
File name:sheet56734600.email.eml.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:394'979 bytes
First seen:2020-07-24 05:44:11 UTC
Last seen:2020-08-01 10:00:32 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:U5fvs3V3Rf+cgMy2bl2a1UaBaFlp1LYNe:WfvSV3UkyLSUaCn1LY0
TLSH 0C842378F978369F1A0BC6BE9A59FF905DA2607042B70343E5EA2033E04835537598EE
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sgk-klenke.de
Sending IP: 209.58.149.66
From: Herbert Markowitsch <marko.witsrch@sgk-klenke.de>
Subject: Inquiry
Attachment: sheet56734600.email.eml.zip (contains "sheet#56734600.email.eml.exe")

AgentTesla SMTP exfil server:
mail.ibc.by:587

AgentTesla SMTP exfil email address:
greenpark@ibc.by

Intelligence

File Origin
# of uploads :
33
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d8be2c2928299465a0bbb04c66acca713a6d52f1c11dda8318482f37acf99f5f/
Threat name:
ByteCode-MSIL.Trojan.Masslogger
Create hunting rule
Status:
Malicious
First seen:
2020-07-24 05:23:32 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3c7cykjifgkglif3wbggnlgkoe5g2uxryeo5vayyjaxtplhzt5pq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d8be2c2928299465a0bbb04c66acca713a6d52f1c11dda8318482f37acf99f5f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip d8be2c2928299465a0bbb04c66acca713a6d52f1c11dda8318482f37acf99f5f

(this sample)

AgentTesla

Executable exe 6e2258b3549aa0a57f3af990295f6b580dfeb2ddbc242185cc9cb23f4ca946c4

  
Dropping
MD5 69814a6dd9c58e33bae3ebf4d524a0a1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6e2258b3549aa0a57f3af990295f6b580dfeb2ddbc242185cc9cb23f4ca946c4

Comments