MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00dbeac5899db5464b4a0e6797aed27f1a7788badaa57777c52f2752cb9f3251. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 00dbeac5899db5464b4a0e6797aed27f1a7788badaa57777c52f2752cb9f3251
SHA3-384 hash: 9702634abce2228d5fdb5d8ff05db74b3db5c425782ea8e971542052eda0be020fc6e086732dcfece3b9d41150cc7d91
SHA1 hash: 33fe3702501c3433cb584a6dad4f764818104704
MD5 hash: 4096a01f7257106801835cf579f4f611
humanhash: beer-yankee-cardinal-oscar
File name: CONSIGNEE BL. NO GLNL20063871.z
Signature: AgentTesla
File size: 364'177 bytes
First seen: 2020-06-30 13:35:31 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:hSTp+njgFR6SZO6erHRBnBpj/osJQLKnohitq8qP5eIHJELPDCE4B6Nq3pTq9Dmd:wl+njgn6ZRBnBp7XJQLKnoh8U5eYJELK
TLSH: BF7423D4F041D4EA90B90C92D1C1AFC76E63A4EA418C1DE7827DB7AB0B4D79E120ED76
Reporter: @abuse_ch
Tags: AgentTesla z


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: petrit.best
Sending IP: 104.129.0.123
From: GLT - NATTAPOL <nattapol@globelink-thailand.com>
Subject: CONSIGNEE BL NO GLNL20063871
Attachment: CONSIGNEE BL. NO GLNL20063871.z (contains "CONSIGNEE BL. NO GLNL20063871.exe")

AgentTesla SMTP exfil server:
mail.daiphatfood.com.vn:587

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 33
Origin country: US
ClamAV: No detection
CERT.PL MWDB:
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/00dbeac5899db5464b4a0e6797aed27f1a7788badaa57777c52f2752cb9f3251/
ReversingLabs:
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Kryptik
  First seen: 2020-06-30 13:37:04 UTC
  AV detection: 11 of 48 (22.92%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: Virustotal results 6.56%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Relationship graph: Malspam, AgentTesla, z 00dbeac5899db5464b4a0e6797aed27f1a7788badaa57777c52f2752cb9f3251 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
