MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f61d99c84eb89788191789a9ce46900c71966ad8389672315056e252ee2bf19. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2f61d99c84eb89788191789a9ce46900c71966ad8389672315056e252ee2bf19
SHA3-384 hash: 9b60ef11d7464abf8ede8f9fe945546100f793860e69eede38a37837d1e28e6bbb8d132cc9c6dcba9d8e7001c78cee3f
SHA1 hash: 52760e1c83140cd8e1a74ecc2e509f832d34de8e
MD5 hash: 7288279d7d1aa222da4dd1e4a1e9cbb0
humanhash: muppet-twenty-hawaii-delaware
File name:Mehmood khan cv.arj
Download: download sample
Signature AgentTesla
Create hunting rule
File size:332'454 bytes
First seen:2020-05-13 11:01:59 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:tGUz4VFwnT14F26Mz5d5h8CoN3HiNlpW012F8f:wJ4RQMlh0NSNlsY2Cf
TLSH 0164235C934916CD2CE729EFFBA84497AF9B1B4E6FC3DB861004A1E411E29B77183172
Reporter abuse_ch
Tags:AgentTesla arj


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gmail.com
Sending IP: 37.49.230.30
From: Mehmood Khan <mehmoodkhan839@gmail.com>
Subject: Mehmood Khan CV
Attachment: Mehmood khan cv.arj (contains "referees association 5132020.exe")

AgentTesla SMTP exfil server:
smtp.bnb-spa.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 11:36:56 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
23 of 48 (47.92%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=f5q5thee5oexramrpcnjzzdjaddrszvnqoewoiyvavxcklxcx4mq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 2f61d99c84eb89788191789a9ce46900c71966ad8389672315056e252ee2bf19

(this sample)

AgentTesla

Executable exe 3be9a39a38e9b29caca887de4c983aa2839004bc0fdbec8767fc6001c46fb250

  
Dropping
MD5 0c74691685d2a5c95edf386600a13ed4
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3be9a39a38e9b29caca887de4c983aa2839004bc0fdbec8767fc6001c46fb250

Comments