MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e721d7c90fe00c664bf808e69606d831986f868c6d0e417994c5ef8b44c1e2cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e721d7c90fe00c664bf808e69606d831986f868c6d0e417994c5ef8b44c1e2cf
SHA3-384 hash: 7e7a49bf002a44dba3669b511f264d51df646561f1bd3a0dc264000d962ec9c54195fe2c6ea3e93f237e6063033ff227
SHA1 hash: 94139df1b8a34b85770fa63e0ce60ee6fbef87ec
MD5 hash: 333793dceb5c3b62033c2019d7a61901
humanhash: high-ceiling-oranges-nitrogen
File name:Pricelists and Offer.lzh
Download: download sample
Signature AgentTesla
Create hunting rule
File size:424'834 bytes
First seen:2020-06-12 07:49:28 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:stkRhg2h1batnY6US2fVKxoDeNumd7gwv8YfVhrY6b6OBgYkfi3U70sy+A/FFsyL:bHThAnYVJqNTT8YLB8Hn70sSFFyMD
TLSH FA94236B4FB6912EFC08C1DABC834F9A005BB8214D4AF1F6B9707146A14377E474EDA9
Reporter abuse_ch
Tags:AgentTesla lzh Yahoo


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sonic315-14.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.134.124
From: Maria Bianchi <s.moses56@yahoo.com>
Reply-To: Maria Bianchi <s.moses56@yahoo.com>
Subject: Fw: RFQ FOR QUOTATION [UPDATED PRICELIST]
Attachment: Pricelists and Offer.lzh (contains "Pricelists and Offer.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-12 07:51:05 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=44q5psip4aggms7ybdtjmbwyggmg7bumnuhec6muyxxywrgb4lhq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar e721d7c90fe00c664bf808e69606d831986f868c6d0e417994c5ef8b44c1e2cf

(this sample)

AgentTesla

Executable exe 74997c97a74d715ea7037d6265d944feacca559b5527a9a9a27d022b5ebbb3b9

  
Dropping
MD5 553d33660e4bf26f174e1ad298ea2c6d
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 74997c97a74d715ea7037d6265d944feacca559b5527a9a9a27d022b5ebbb3b9

Comments