MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34e6d8f1e4514ee68313087f76780ac47af0083a83f3721cd475fa63462c6abf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 34e6d8f1e4514ee68313087f76780ac47af0083a83f3721cd475fa63462c6abf
SHA3-384 hash: 01e19ccb90b53f0f3ab63ab0b19291b1e5ba4f02d0d53e93855ee18593a2ee630cdaa13ec5728014e490c5ed04e41aa3
SHA1 hash: f03a75cdb970c92682a980821305aad37658518b
MD5 hash: a9de74ddaf7cb80298e2682edac871c5
humanhash: undress-coffee-oranges-may
File name:200521quote from Ali Gokcan.pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:453'870 bytes
First seen:2020-05-26 14:46:39 UTC
Last seen:2020-05-27 08:42:36 UTC
File type: gz
MIME type:application/x-rar
ssdeep 12288:H3QPdV6jmXKlI9DhP3lDaK/H2YKlGC3qqregbnD:XQ+lyNlKYKlxqg/
TLSH C6A423075A5B9B51CC718B85E5A6EABE2053BF8400C35B480748BB0EA3D607CBED76D3
Reporter cocaman
Tags:AgentTesla gz


Avatar
cocaman
Malicious email
From: Ali Gokcan <sales@ivalco.com>
Received: from ivalco.com (unknown [209.58.149.69])
Date: 26 May 2020 12:42:04 -0700
Subject: TOP URGENT QUOTATION FROM ALI GOKCAN
Attachment: 200521quote from Ali Gokcan.pdf.gz

Intelligence

File Origin
# of uploads :
2
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 20:06:50 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
23 of 48 (47.92%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 34e6d8f1e4514ee68313087f76780ac47af0083a83f3721cd475fa63462c6abf

(this sample)

AgentTesla

Executable exe 15e766c225abc0a85a5acc8553bfc6b1851c4a7282039a467adeef8e81dffa3b

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 15e766c225abc0a85a5acc8553bfc6b1851c4a7282039a467adeef8e81dffa3b
  
Dropping
AgentTesla

Comments