MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 13c5b8234323df2ad8ee675b6bf9eab899c8a01d9b5c8e67e27bd9ad43219a8c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 13c5b8234323df2ad8ee675b6bf9eab899c8a01d9b5c8e67e27bd9ad43219a8c
SHA3-384 hash: 7d18d24b119bfbad56c062511149839840378eb6a14ba2259388a40fb1cc0100aada1c8a954226da3f4162484ba68550
SHA1 hash: 082f4c4fd51aed17bbb10c14081a5ffe8d66723f
MD5 hash: 5966865c1d500ebcb5efc352fa41ce87
humanhash: table-skylark-seven-network
File name:PO-00763783-sn-997588983y3.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:366'348 bytes
First seen:2020-06-10 10:03:48 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:OupBQ+49L2LlLX/9s/qdBd6DztpDCeHH0VbU7Vzq2OtH+zbW8y7NiXkSNfNePqaT:OgBWiRX/9Osu5pD7nbq5CbW8y7ekoleT
TLSH D67423C04A5144D62D6B083A2A5E815E596092936EC76314ECE62CC539EB8393FFEFC7
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: taghtiran.srv.narganit.com
Sending IP: 91.98.96.133
From: Lee Seo <L.seo@krones.com>
Reply-To: Lee Seo <nurdan.ozirneks@gmail.com>
Subject: Quotation From our customers
Attachment: PO-00763783-sn-997588983y3.7z (contains "PO-00763783-sn-997588983y3.exe")

AgentTesla FTP exfil server:
ftp.autobulbs.com:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.MSILPerseus.225418.15991.6850.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 10:05:06 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cpc3qi2deppsvwhom5nwx6pkxcm4ria5tnoi4z7cppm22qzbtkga._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 13c5b8234323df2ad8ee675b6bf9eab899c8a01d9b5c8e67e27bd9ad43219a8c

(this sample)

AgentTesla

Executable exe c34f654e19e3278a770dbb05fe373b3347ffe493613fa85a21262b54ddf74010

  
Dropping
MD5 5f0c850a841e891535dabd2d14049b47
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c34f654e19e3278a770dbb05fe373b3347ffe493613fa85a21262b54ddf74010

Comments