MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e71d48446f34864aa31fa5652dfb3b557e7413cec04fb0bd45bc09f29881fdcd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e71d48446f34864aa31fa5652dfb3b557e7413cec04fb0bd45bc09f29881fdcd
SHA3-384 hash: 59c2bc8bf42c38a1da2a49991c6892fd4fc3fb1ddf0394d483262f384b6eade6df682c35b7cfcba704b01231e0f964a0
SHA1 hash: 6a27d585d4b0ab85c95d8c3b9dd197aa7cfd4f2a
MD5 hash: 29a5221c9f27b5b8ba6dd899b23e5866
humanhash: idaho-shade-golf-comet
File name:SC05122020.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:432'999 bytes
First seen:2020-05-13 06:12:06 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:BGj/Iku7g15fbQV+KBaUB/wsHefXoFuIVlsKemKNNu76VLjDjy5/C7tHqdRW7l:AIfgDC+8/HGjG7G/uYAyFSC
TLSH 6194234C002191BE77AF7C877519AF4C5B5C38E588618EC9C7BD3FB862A6ED53784884
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: qproxy6-pub.mail.unifiedlayer.com
Sending IP: 69.89.23.12
From: Michelle Schonne <sales@conen.com>
Reply-To: saIes@conen.com
Subject: Re: Subsequent Order
Attachment: SC05122020.zip (contains "SC05122020.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKDZ.67102.10523.18706.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 06:37:20 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
26 of 47 (55.32%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=44ouqrdpgsdeviy7uvss36z3kv7hie6oybh3bpkfxqe7fgeb7xgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip e71d48446f34864aa31fa5652dfb3b557e7413cec04fb0bd45bc09f29881fdcd

(this sample)

AgentTesla

Executable exe d50395ef9eff3dbaf836d41028e7231cecd43d80880592f2668e0be8cab5b06d

  
Dropping
MD5 15fb214dfa736ebae5e119bbe1f52852
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d50395ef9eff3dbaf836d41028e7231cecd43d80880592f2668e0be8cab5b06d

Comments