MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ee3632d3f9f98432efe493340081da437ce39d006fcd87425aaf5d17d28ea26. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0ee3632d3f9f98432efe493340081da437ce39d006fcd87425aaf5d17d28ea26
SHA3-384 hash: 7f0842fd6b26afb38a48d6a499b337245f3224916e10008b69aea6af4b7cc455f35438e337f5bd502482a04a09188f3a
SHA1 hash: 48b68e903dfb503d7ed3969f70f5a485673e1ef2
MD5 hash: a88bf29715ad5a55f40ffc81926e559f
humanhash: table-hawaii-fish-delta
File name:payment of your invoice 10000199.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:370'569 bytes
First seen:2020-06-11 08:55:49 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:fJSsbB2/2FVJ1fG64jh6GH8NRJC/bV0qnqddArgIc3Wn7OmLKiXsSbcCMQmdAS27:RTVVJ1OHEI8zaVnaIcyHXsf9Y
TLSH 567423B1352DEE3AA230027ECB975CC116B46EF5B834B35EA587AB22F10D4C17DA5052
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: lloydinsulation.com
Sending IP: 95.211.208.25
From: IMPORT<csb.somesh@lloydinsulation.com>
Subject: URGENT!!!! payment of your invoice 10000199
Attachment: payment of your invoice 10000199.zip (contains "payment of your invoice 10000199.exe")

AgentTesla SMTP exfil server:
smtp.proetizo.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject3.42048.5861.15404.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-11 09:35:54 UTC
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=b3rwglj7t6meglx6jezuaca5uq344ooqa36nq5bfvl25c7ji5ita._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 0ee3632d3f9f98432efe493340081da437ce39d006fcd87425aaf5d17d28ea26

(this sample)

AgentTesla

Executable exe acb507d5c5d7c38651768061af692c76fd602b69452da6bbd7031dcbfd575d45

  
Dropping
MD5 277765867133e8ee78b32662549edd17
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 acb507d5c5d7c38651768061af692c76fd602b69452da6bbd7031dcbfd575d45

Comments