MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01ba888e6ba63e9adc3debbc1f423f4bff084be0e78bb024ac8ebc1320bde6cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 01ba888e6ba63e9adc3debbc1f423f4bff084be0e78bb024ac8ebc1320bde6cd
SHA3-384 hash: ad23ea8b4c991103d7cb7bdabb8adf91dceb71086dc1b7348d326d806ec0b456057bbaeb5eb3a7a93fec6fec32a842bc
SHA1 hash: 99695608345b6b423bea450bd611e7c015cee630
MD5 hash: 65faada0cf09a7012d35b03def378bd6
humanhash: steak-november-one-eight
File name:Requirements on plastic.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:277'001 bytes
First seen:2020-05-26 17:19:05 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:tfCU5h5cI1yR9HxeFXzAjoETdy1Cp/X8k+O7bnJddPnus5Xj2b9L3i:lC+zcI15FyoEpyFKbnJDfxy13i
TLSH 0A442388D0FF4BC674A3B87FA5D1160B94DEB64F44AA2ABC011834DFE64C2749A54377
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gateway23.websitewelcome.com
Sending IP: 192.185.48.84
From: julie@cnlabglassware.com
Subject: REQUIREMENT ON PLASTIC
Attachment: Requirements on plastic.gz (contains "Requirements on plastic.exe")

AgentTesla SMTP exfil server:
mail.keestersew.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 17:35:39 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
13 of 30 (43.33%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 01ba888e6ba63e9adc3debbc1f423f4bff084be0e78bb024ac8ebc1320bde6cd

(this sample)

AgentTesla

Executable exe f05b8b79b72f786326a8ffebd1603e7d12c9aa07b4ad6b502ee83fc03ad66ebb

  
Dropping
MD5 18138ae056658619f9bdede1c0ae10f7
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f05b8b79b72f786326a8ffebd1603e7d12c9aa07b4ad6b502ee83fc03ad66ebb

Comments