MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c7a74a940f525d01133c0878eaa4f6f641f68f9457104eb84947de98b527921. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2c7a74a940f525d01133c0878eaa4f6f641f68f9457104eb84947de98b527921
SHA3-384 hash: 364b76a74a7cd86567c241f18a626202e4e701dc8d3faa34cd5f743645f3274fd2c9cae5b7840fa6ee78dc2971910301
SHA1 hash: 96ca8a1dcae6f825d1c27ae0375673f43f616bf7
MD5 hash: fbf9cf1d16638006d1d2964e1956c1c4
humanhash: snake-idaho-delaware-angel
File name:DHL receipt.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:450'459 bytes
First seen:2020-07-29 12:00:07 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:GzDnGpptT5e6/3sf5bZj0R7SHzLHfIDRIaPKPpgRED3v8C3WVZ:uGpph5p8hbGmHH/ciCc8Cu
TLSH DFA4233B9A244E29D285444D9B4CD99182F87F785E6F1F63D288DB3C846410AFA3FCB5
Reporter abuse_ch
Tags:AgentTesla DHL rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: vps.qreyandcom.com
Sending IP: 45.95.169.97
From: DHL Courier Service <info@qreyandcom.com>
Subject: Fwd: DHL RECEIPT COPY
Attachment: DHL receipt.rar (contains "DHL receipt.exe")

AgentTesla SMTP exfil server:
mail.thebangkokshoppingguide.com:587

AgentTesla SMTP exfil email address:
sale@thebangkokshoppingguide.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2c7a74a940f525d01133c0878eaa4f6f641f68f9457104eb84947de98b527921/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-29 12:02:06 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fr5hjkka6us5aejtycdy5kspn5sb62hzivyqj24esr66tc2speqq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2c7a74a940f525d01133c0878eaa4f6f641f68f9457104eb84947de98b527921

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 2c7a74a940f525d01133c0878eaa4f6f641f68f9457104eb84947de98b527921

(this sample)

AgentTesla

Executable exe 585b05096823a09fd7264ec95892658d0a12dc78ef2a8176646428ccc71db8cc

  
Dropping
MD5 45d9ce367dd75cef546f4d6c57a7392e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 585b05096823a09fd7264ec95892658d0a12dc78ef2a8176646428ccc71db8cc

Comments