MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0d8264fabf1ca2d192a05422252289a76a594036ebc757e5f9ae69ed83d525d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: e0d8264fabf1ca2d192a05422252289a76a594036ebc757e5f9ae69ed83d525d
SHA3-384 hash: 8ff5dc4981bcdbaf9420fe47c21dbbea1a7a4a424f8a147fbca5bf1368b64421c5da2ea0284382f1e064a083c2d0cc3a
SHA1 hash: 5c6ade0ffaef2e6043ffba23913c4e1783573a17
MD5 hash: 37378ea5d80afa23a1981a9411a0d26e
humanhash: vermont-queen-nitrogen-grey
File name: SOA APRIL.zip
Signature: AgentTesla
File size: 505'610 bytes
First seen: 2020-06-03 12:54:08 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:ALOYdR7FBDkYwSLPEE3tDkpvL1tX3n5fvqZunqcAsLzNeL1U1RXKA4:KR7FBguDEE3dkpvD3nhygnhFIL0VM
TLSH: C4B4239EAB8EBA42FD9DFD2C1B466034766BC7393E9A6D434CCD21814016C60736DE87
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: gotoubi.com
Sending IP: 103.145.253.10
From: Sharon <sharonliu-dlc@gotoubi.com>
Subject: SOA TILL END APRIL
Attachment: SOA APRIL.zip (contains "SOA APRIL.exe")

AgentTesla SMTP exfil server:
mail.tolipgoldenplaza.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-03 15:18:52 UTC
AV detection: 7 of 47 (14.89%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip e0d8264fabf1ca2d192a05422252289a76a594036ebc757e5f9ae69ed83d525d (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
