MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a81e1b21490ca5ff56b391e976f82de11e3dccda04456fddf045e8e0318eb10. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2a81e1b21490ca5ff56b391e976f82de11e3dccda04456fddf045e8e0318eb10
SHA3-384 hash: 96ebf2ef26122ac73a3fe05937878ae38577c0a0e246893df48bc8b6019d0bbb8771c903e506001c032311bc49fd362c
SHA1 hash: 5b2f06a0680d88528139995b8b2c77a635e20a70
MD5 hash: 1903b49d4a2500d404bdcd9f1506bfa5
humanhash: utah-butter-paris-venus
File name:0020027409011933_05-13-2020.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:389'065 bytes
First seen:2020-05-13 11:13:48 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 6144:IZsxBjst52F+d28J4grmEL8849L/+rwEhbs6hfb9MEbiO0HIyQ4yCyo/KAZ:1C5kc2WDt49KUERXb9M1OfuyCtCAZ
TLSH BC8423942A36337B718F559A591BC56A45E3E1B62B8C1C48BFBF9064C0CB3277D40AF8
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mx.regikonyvek.hu
Sending IP: 185.43.207.161
From: Karina Caminos <karinacaminos2@hotmail.com>
Subject: Pago de facturas (BANK Swift Copy)
Attachment: 0020027409011933_05-13-2020.7z (contains "0020027409011933_05-13-2020.exe")

AgentTesla SMTP exfil server:
mail.elhelado.com.mx:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 11:36:55 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
16 of 31 (51.61%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fka6dmqusdff75llhepjo34c3yi6hxgnubcfn7o7arpi4ayy5mia._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 2a81e1b21490ca5ff56b391e976f82de11e3dccda04456fddf045e8e0318eb10

(this sample)

AgentTesla

Executable exe 3e2931cb793d52c5e3253abd7efa9c5c5da9fe766cc93a012ff784fe48694c7a

  
Dropping
MD5 fbc66dd14f31214c68d15659f71219bf
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3e2931cb793d52c5e3253abd7efa9c5c5da9fe766cc93a012ff784fe48694c7a

Comments