MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e1e59ca5589415663426562dbfc2a8a57b58da937c71e9e3c667a280e0745eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0e1e59ca5589415663426562dbfc2a8a57b58da937c71e9e3c667a280e0745eb
SHA3-384 hash: 29b96c293a53a529eb001e536bd8a21eb5ced3b89baa493811b323b33b0afa76add12785782bc33c31f9b6527e0b9a6e
SHA1 hash: 94f795678219d47af646ba7ce70878c4209168fc
MD5 hash: b85e6f40ed3fb076512618a0e22f961a
humanhash: fix-october-queen-pip
File name:Booking form 3456278910-.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:722'721 bytes
First seen:2020-08-04 11:15:59 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:pZFY7NSM01h+nQLKk3DFk9OgD0/E5a8wke0LMlTS+TS/YutLgq2YFc:pfY7NSVKGcpDKEg8akUSDK
TLSH C4E433F110AB7E3AC294B8636F7BED0B780067A3CB306845666471B67B03ADD4D78945
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: hotmail.com
Sending IP: 37.49.224.50
From: aditia malla<aadit94malla@hotmail.com>
Subject: booking form GJD04856-=UI8
Attachment: Booking form 3456278910-.zip (contains "Booking form 3456278910-.exe")

AgentTesla SMTP exfil server:
smtp.bnb-spa.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CIL.HeapOverride.Heur.20581.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0e1e59ca5589415663426562dbfc2a8a57b58da937c71e9e3c667a280e0745eb/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-04 10:14:36 UTC
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bypftssvrfavmy2cmvrnx7bkrjl3ldnjg7dr5hr4mz5cqdqhixvq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0e1e59ca5589415663426562dbfc2a8a57b58da937c71e9e3c667a280e0745eb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 0e1e59ca5589415663426562dbfc2a8a57b58da937c71e9e3c667a280e0745eb

(this sample)

AgentTesla

Executable exe f03f7b19fd5b10cadcce4dcdaf7bc0f3e623a2ba1d6677e767c5ee4e3a042a66

  
Dropping
MD5 47e4764c08d75ac72c56b3bb6636ec8e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f03f7b19fd5b10cadcce4dcdaf7bc0f3e623a2ba1d6677e767c5ee4e3a042a66

Comments