MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 310f370ebe70036386deba13cc02cec4e2239240dece625f81c1a6eecf4e632c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 310f370ebe70036386deba13cc02cec4e2239240dece625f81c1a6eecf4e632c
SHA3-384 hash: b8b66e065310e6dbd860c4cd5089d5a8a5e066d2ccb5373f8510d5bbedcdeb153d4c53b2f56808dceba6b7a1389933fc
SHA1 hash: 576910c81aadfcd3fec8de7347235582233200ef
MD5 hash: 21b58ab0467dcc6457bec9e781cbcb2c
humanhash: oven-double-emma-single
File name: TT Swift Maksajuma dokuments ar atru apstiprinajumu 9029938829 doc.7z
Signature: AgentTesla
File size: 512'841 bytes
First seen: 2020-04-30 12:46:26 UTC
Last seen: Never
File type: 7z
MIME type: application/x-rar
ssdeep: 12288:LNCi83PGiukT2cYiAoCqqjPQHCdqDLfx6wIFBnb5kg:LUiuZYPjPQidqB6wIL1J
TLSH: 52B423CB858B786727D9B54D221BE16F8243635EF010476E7CCE4B521E4BCA742DC8DA
Reporter: abuse_ch
Tags: 7z AgentTesla


abuse_ch
Malspam distributing AgentTesla:

HELO: mx7.chaiyohosting.com
Sending IP: 202.43.46.47
From: faxno_reply_banca_solvenia <sales@erawanfood.com>
Subject: TT Swift Maksājuma dokuments ar ātru apstiprinājumu 9029938829 pdf
Attachment: TT Swift Maksajuma dokuments ar atru apstiprinajumu 9029938829 doc.7z (contains "TT Swift Maksajuma dokuments ar atru apstiprinajumu 9029938829 doc.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-04-30 13:35:53 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 16 of 31 (51.61%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 310f370ebe70036386deba13cc02cec4e2239240dece625f81c1a6eecf4e632c (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
