MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d25dd21feb3b6763823bf6023c74252f62cd87d3a870ab93b3f4cc72ff919e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 0d25dd21feb3b6763823bf6023c74252f62cd87d3a870ab93b3f4cc72ff919e3
SHA3-384 hash: 204e23656c75a360e0896563c70d5e685045cba857771bd5b56ec06d5e128d41b60c27e69f21f39d69546ecace4c8111
SHA1 hash: 404e34b6a677e55022bf4d64eabf8543e9a69037
MD5 hash: 5ecc9568b80b2a07c4ff2562b7fca480
humanhash: happy-december-kilo-oklahoma
File name: 4567654567865_pdf.GZ
Signature: AgentTesla
File size: 722'043 bytes
First seen: 2020-05-08 08:16:39 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:sIO5HQivKoj4eaX5d/cXo7df/oXh++fPr4G4ToKqwf6GH/UZbn3NjOe/61fgiFk2:E5wivvj4ey5C47dfEHfx4Trbf6GcZ3xM
TLSH: 6BE43388F9317FA0278967D310D42B1C78BF5E17108D541B63B752A9DD92BCE0EAA1CB
Reporter: abuse_ch
Tags: AgentTesla BBVA ESP geo gz


abuse_ch
Malspam distributing AgentTesla:

HELO: fnadj-34.srv.cat
Sending IP: 185.66.40.36
From: BBVA-Confirming Cesión de Créditos <confirming.bbva@bbva.com>
Subject: Cesión de Créditos
Attachment: 4567654567865_pdf.GZ (contains "4567654567865_pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-08 08:36:04 UTC
AV detection: 24 of 48 (50.00%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
  gz 0d25dd21feb3b6763823bf6023c74252f62cd87d3a870ab93b3f4cc72ff919e3 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments