MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f8348cc7af11e982fab4f8e35d0b7c554948b4ea50eccf8a4a7c2496eef6715. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2f8348cc7af11e982fab4f8e35d0b7c554948b4ea50eccf8a4a7c2496eef6715
SHA3-384 hash: d15f7bef6447968e445a29ed037377188ca5a82f973a85438b3309c386c0a762b8c1354839cc2e517087f9e07173e8cb
SHA1 hash: 8577eece1132984d017e4f9afc7fb1de7ea2b657
MD5 hash: 502b7eec4a8d210b7f99cb7a9012dc8a
humanhash: charlie-spring-nevada-lithium
File name:Swift-Copy.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:441'472 bytes
First seen:2020-05-26 11:02:05 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:7J3S0GRI2OcyReHo8f1CY3D2/+BjwrojhC3mH4bvVlbwxwNpJqx8jWP1/4FPrzwN:pS0OfJX0F8jMC4bv3bwx+7qx8jA4pXg
TLSH 1394237079E2F099A7F1CF99522C8CDE83721735BD644BB5F04A940791FBC898E19C92
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: bachishoes-tatainternational.com
Sending IP: 45.137.22.150
From: Kuehne-Nagel L.L.C<santhi.g@bachishoes-tatainternational.com>
Subject: RE:RE:Swift-Copy
Attachment: Swift-Copy.rar (contains "Swift-Copy.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 11:36:52 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
16 of 30 (53.33%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 2f8348cc7af11e982fab4f8e35d0b7c554948b4ea50eccf8a4a7c2496eef6715

(this sample)

AgentTesla

Executable exe 8a49b9fb3c4b399946bb1d113f1bb66e02ef7886cafbbe5a5f450c7a1fb1e430

  
Dropping
MD5 60c5cd9f5a30618dfbd330bc20cdf00c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8a49b9fb3c4b399946bb1d113f1bb66e02ef7886cafbbe5a5f450c7a1fb1e430

Comments