MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc607510637e08d88661ebb48c5e0da3c787a87c2e94683c266b896b8d2202f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: fc607510637e08d88661ebb48c5e0da3c787a87c2e94683c266b896b8d2202f5
SHA3-384 hash: 60b98e6ffe6e9d4ce6dc92c7fcf6dd28a318422995f8cfe3e154d7db8438fd9b361bbcfc7be8a75c85541654c3498b28
SHA1 hash: 9e95c75f0336928a110afc846d598949f4703109
MD5 hash: 9254fee60397ea3d20ee6b5397e9375f
humanhash: don-shade-lion-winter
File name: Payment-Copy.zip
Signature: n/a
File size: 580'635 bytes
First seen: 2020-07-31 10:13:34 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:JsPv7XmklqVymbEIqNqbR4kFYOR8S5DgZoX9Ybnw:oXBlEyyEIqNqbRtF0SlgZU9Ybw
TLSH: EBC4235FC28C5A7E4C5FECC8BA1280D8E0A6C1049ED8E1FB1C5D0DF9C8A2FDA2595479
Reporter: @abuse_ch
Tags: AgentTesla, zip


Twitter post by @abuse_ch:
Malspam distributing AgentTesla:

From: sales1@mikronix-gauges.com
Subject: Swift-Copy
Attachment: Payment-Copy.zip (contains "Payment-Copy.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 28
Origin country: US

Mail intelligence
Geo location: Italy (IT), Volume: Low
Geo location: Global, Volume: High

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-30 20:41:17 UTC
AV detection: 25 of 48 (52.08%)

Threat level: 5/5
Threat name: Kryptik
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: zip fc607510637e08d88661ebb48c5e0da3c787a87c2e94683c266b896b8d2202f5 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments