MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dcb780038b610f2e14486a7cb2ca66f19b0b8be8c1ba14ffec752951b889f868. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dcb780038b610f2e14486a7cb2ca66f19b0b8be8c1ba14ffec752951b889f868
SHA3-384 hash: d710158f3712d80e0ec75e961e8fb74cfd4c037be7ac08f941efab23e4dcf237af748845cfbc59e5d47fcdd45be90ae6
SHA1 hash: 3dd43f17110f7128d8c2da2804f4df1d57c82b08
MD5 hash: 4c23cfcf1d1904c15d8a7fe28270a929
humanhash: cat-orange-india-equal
File name:IBAN IMPLEMENTATION.PDF.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:304'618 bytes
First seen:2020-07-12 11:25:03 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:A+iOjLJk7/TdRdR9xxO4cj3lblmQoXW1CNQCtVALF7t6bZR/lsZcFzz/:WOxk7jn04cTP7oWwZAg7vz/
TLSH 465423996FDA2B830965F4E46B8B97F09BD0CD07BC573797058382946FF070AB214BA4
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: hosting12.ji-net.com
Sending IP: 203.130.149.250
From: Mohamed El Kateb <djau.cande66@gmail.com>
Subject: IMPLEMENTATION OF IBAN
Attachment: IBAN IMPLEMENTATION.PDF.zip (contains "IBAN IMPLEMENTATION.PDF.exe")

AgentTesla FTP exfil server:
ftp.targetdhr.com:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25510.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dcb780038b610f2e14486a7cb2ca66f19b0b8be8c1ba14ffec752951b889f868/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-12 11:26:06 UTC
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3s3yaa4lmehs4fcinj6lfstg6gnqxc7iyg5bj77mouuvdoej7bua._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip dcb780038b610f2e14486a7cb2ca66f19b0b8be8c1ba14ffec752951b889f868

(this sample)

AgentTesla

Executable exe fdeac1758dae3e3811f020f3d9d44fb984c4397c924c4c8e880f4e41fdf130f7

  
Dropping
MD5 30d1189cb067a539d35c24262202c9e1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fdeac1758dae3e3811f020f3d9d44fb984c4397c924c4c8e880f4e41fdf130f7

Comments