MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc8d261dcb9a27066e2434ba3b0ba1e1d7965a861d0590e7707b40bc9835a23c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fc8d261dcb9a27066e2434ba3b0ba1e1d7965a861d0590e7707b40bc9835a23c
SHA3-384 hash: 121a2b6138d19a385fea2b932f749e4f874080ccff0fae0abd8f5d02e4b79ce182bd166d6a1043b2a00b59faa98c304a
SHA1 hash: 9d3fd270ba2f367bee431795e81daebdebf4e6e9
MD5 hash: 111abbda9667d7194ce8b87d357ab3ea
humanhash: edward-purple-west-shade
File name:Confidential Purchase Orders 008887687.png.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:340'899 bytes
First seen:2020-05-11 14:54:51 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:muvHJejf47qjMREE6hW7HJweNA5xKnBPEHRXZVs1F/gfRmIvOIx/6P:HvHJejfToREE6E7HJweNSIn0XZ4AmIZQ
TLSH 03742356EDE4BE74E025DB22895A23FF0239119F8BD8C4974468C2F2F0E44D8DDBB915
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: archantiquities.com.tr
Sending IP: 37.49.230.30
From: Eng Rama Mahran<info@archantiquities.com.tr>
Subject: R&D Manager Al Sharhan Industries PO
Attachment: Confidential Purchase Orders 008887687.png.zip (contains "Confidential Purchase Orders 008887687.png.exe")

AgentTesla SMTP exfil server:
smtp.bnb-spa.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.ArtemisB39292B7B36A.2921.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 15:37:34 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7sgsmholtitqm3regs5dwc5b4hlzmwugduczbz3qpnalzgbvui6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip fc8d261dcb9a27066e2434ba3b0ba1e1d7965a861d0590e7707b40bc9835a23c

(this sample)

AgentTesla

Executable exe 6891044a6a24da1e23d05bd2e910f951eabf3d6e47f4ad59d235e549a04c4e82

  
Dropping
MD5 b39292b7b36a8d40df8c585b93339d9d
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6891044a6a24da1e23d05bd2e910f951eabf3d6e47f4ad59d235e549a04c4e82

Comments