MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33723d14a8e8c8067ca158af621bd25e4fbeabba466baf0f019ac0676f9167b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 33723d14a8e8c8067ca158af621bd25e4fbeabba466baf0f019ac0676f9167b9
SHA3-384 hash: dd945e3ea4311ce35abfee56277fcacab786c26ebd6c6cc5a41b5dcb9b3991f51dc93df683e0fa42fe88dd28b53f61a4
SHA1 hash: 16bdbda052befc74f80a8cd19aa36a4c722e94af
MD5 hash: fd2b415b8260a759761988ecbf96a520
humanhash: undress-three-july-burger
File name:TD JMMasuda_Mfg.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:455'921 bytes
First seen:2020-05-26 09:24:21 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:MQYzEhQvHtJOcxpfeiSJSfG6l9nzczAFRBmbgSX6AtN6IQDXO:MQYQhUOsAzJeG6r447mUtIP
TLSH FEA4235B59EE61474665B50B07050A5A7384A4B05701C81D478FAE870EEA3B6F7BCF33
Reporter abuse_ch
Tags:AgentTesla HostGator zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gateway30.websitewelcome.com
Sending IP: 192.185.152.11
From: Patryk Mazur <Patryk.Mazur@tkship.com>
Subject: RFQ Our Ref: C38226
Attachment: TD JMMasuda_Mfg.zip (contains "#TD JMMasuda_Mfg.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Generic-7899865-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 09:36:48 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
20 of 48 (41.67%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 33723d14a8e8c8067ca158af621bd25e4fbeabba466baf0f019ac0676f9167b9

(this sample)

AgentTesla

Executable exe dec342263c6f268d05f7b6a533b15a2aa19e6c17220753deb1337f618a520d8d

  
Dropping
MD5 530731ce6a600b7e6d5f3c7220e99b4a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dec342263c6f268d05f7b6a533b15a2aa19e6c17220753deb1337f618a520d8d

Comments