MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 22f216a1f50f03c8d2042771c32cd2d93056bb5a823e02bdbfc3089d668c969e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 22f216a1f50f03c8d2042771c32cd2d93056bb5a823e02bdbfc3089d668c969e
SHA3-384 hash: 4e1a60c89407ef86c96f7447d104fcd1fdb3d462e73a727dca79fecb7a1e4cf07144ab836bb31bfc9359cb288cbc3056
SHA1 hash: 635016a3afdd83afad781a2247efe0b177b86c83
MD5 hash: 38accbe37314378bd640dd9139c24bff
humanhash: green-indigo-mars-asparagus
File name:flanges.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:315'414 bytes
First seen:2020-05-06 08:20:48 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:U2pnq9mhW0Has+r1mLBSQOHs8+7iMtsggw/NRj9xzYHB3sCxHkYGR1:U2Vq9mxHasW68D7+Og3j9xkh3bUR1
TLSH 0F642379011A3B129DAA3C15E2ABECC5753389BCBCF7E490E35248E1F81749E25E50C6
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: smtp1web.tin.it
Sending IP: 212.216.176.195
From: brlerda@tin.it <brlerda@tin.it>
Reply-To: brlerda@tin.it <brlerda@tin.it>
Subject: I: RFQ for flanges_EGR pipe
Attachment: flanges.zip (contains "flanges.exe")

AgentTesla SMTP exfil server:
mail.primefinancebd.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.EIOD.22698.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Mbt
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 12:13:21 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
20 of 48 (41.67%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=elzbnipvb4b4ruqee5y4glgs3eyfno22qi7afpn7ymej2zums2pa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 22f216a1f50f03c8d2042771c32cd2d93056bb5a823e02bdbfc3089d668c969e

(this sample)

AgentTesla

Executable exe 2b13ba26dab38906e8389ca9448abe505e1b5d64762f8052fd0c884e6de3e51c

  
Dropping
MD5 a59fae57c80ab148a88cd39c03f70987
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2b13ba26dab38906e8389ca9448abe505e1b5d64762f8052fd0c884e6de3e51c

Comments