MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fef13330bf0a6aab736ea5436aeaf774cc6f6a0a5876271ea69c776e6b83517d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3



SHA256 hash: fef13330bf0a6aab736ea5436aeaf774cc6f6a0a5876271ea69c776e6b83517d
SHA3-384 hash: 8d7802110c58cdc739b9d8fc92e78db188aa884f6e5b7c74972f005f6090288fade46f167713842b85282b43be7b6d20
SHA1 hash: 23fc51e64fad7496bb68bf131b4ce1ebb6d5c5e3
MD5 hash: 43a23a87c47b3cdb9076abd2b1a73cc9
humanhash: leopard-wisconsin-steak-uniform
File name: CV Rina Molina.zip
Signature: AgentTesla
File size: 331'738 bytes
First seen: 2020-07-02 12:24:51 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:MYNFS9eRSmTB71mbwGYSEy2VLdVak7QVLlWEiSMnN8qEU:XNFdsQBZcSFVaVZQEirN/z
TLSH: 0564239CB1B28912A1F0B7778A1DB57A6833530A4768B0F0538FD5A8784E3B0D66F52D
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: server9.acidados.net
Sending IP: 176.221.34.180
From: Rina Molina <Molina-rina5935@gmail.com>
Subject: CV for administrative assistant
Attachment: CV Rina Molina.zip (contains "CV Rina Molina.exe")

AgentTesla SMTP exfil server:
smtp.pharco--corp.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-02 12:26:10 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    zip fef13330bf0a6aab736ea5436aeaf774cc6f6a0a5876271ea69c776e6b83517d (this sample)
      Dropping AgentTesla

Delivery method: Distributed via e-mail attachment
