MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0051accbbfeeca8279f9de3e36d284346de15ce28bcdcc707542ee614046d06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e0051accbbfeeca8279f9de3e36d284346de15ce28bcdcc707542ee614046d06
SHA3-384 hash: bede34ddc97f9f7a9b8da6416712f7732851e0e0b6a485402df01db4e4ad5f67da4eccc0acb33163935360d7e261700e
SHA1 hash: e145826eed3e0f4d1cd5246df61626bb44eed297
MD5 hash: a06b6eb93c99815ab73d6fbaceb59ae3
humanhash: delta-cat-social-timing
File name:Industrial machine quote.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:498'780 bytes
First seen:2020-05-21 10:43:14 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:NzxFTQs0OItUNJiXxRy+sYhQkmVkqbL14F/fkJh:NzxFBbItRX/Ls4Pm2mLSd4
TLSH 58B423489EA9D21291DD41243EBDBD6B3E4BFBD79E12240F1874F3A86A085CC14FD68D
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: opal.superdomainzone.com
Sending IP: 69.175.104.242
From: Gregory M. Simmons, CFP™<papelaria@derlipapelaria.com.br>
Reply-To: tphels@secretary.net
Subject: INDUSTRIAL MACHINES NEEDED URGENTLY........PLEASE SEND QUOTE ASAP
Attachment: Industrial machine quote.zip (contains "Industrial machine quote.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.49161.12086.16310.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 11:37:16 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
23 of 47 (48.94%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip e0051accbbfeeca8279f9de3e36d284346de15ce28bcdcc707542ee614046d06

(this sample)

AgentTesla

Executable exe 4664b88274ef7c903d7eb7c18ab51ba8109640210334f648d696afcecf935ddd

  
Dropping
MD5 41615850b17ff0e5c9ea11e7b26e4ef2
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4664b88274ef7c903d7eb7c18ab51ba8109640210334f648d696afcecf935ddd

Comments