MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a463ba2de2c7e49bfc53e15d2a730d2dcf543ac0f3da36134da973c824e49d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3a463ba2de2c7e49bfc53e15d2a730d2dcf543ac0f3da36134da973c824e49d3
SHA3-384 hash: 325a49def347b3c7a5be367c369d067481a90732e75025543d9ccc9cf1bac17e6fcd26700bb65da2c2e67a650c984270
SHA1 hash: e4055c5714627efdb02ca0e07a862923177a5275
MD5 hash: 6ead152423f696c4cd4354e7a69e61fe
humanhash: cardinal-single-early-beer
File name:AWB 4673369094IO_Y8YUHJJHVGC FCHV KLO......PDF.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:338'616 bytes
First seen:2020-07-02 06:49:47 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:Q1BpT59SuW5Byuyh4Ul1hcNPeRIPA3rTZLkPs4QCNlrnQ4R5qAZBpNsA:onT59IyFrhUXwZ4Ps7Qlt5qALP
TLSH D97423B60D23DA2EC9375A8257E79C3C7773B991058C2A1F984BC69BB100CB5FCD8528
Reporter abuse_ch
Tags:AgentTesla DHL zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: siigas.com
Sending IP: 45.138.172.165
From: Kemas Akhmad Ainurridha (DHL ID) <prima.budipramono@siigas.com>
Subject: FW: DHL DOCUMENT-URGENT NEED AWB 4673369094
Attachment: AWB 4673369094IO_Y8YUHJJHVGC FCHV KLO......PDF.zip (contains "AWB 4673369094.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WQV.14531.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3a463ba2de2c7e49bfc53e15d2a730d2dcf543ac0f3da36134da973c824e49d3/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-02 06:51:11 UTC
AV detection:
7 of 48 (14.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hjddxiw6fr7etp6fhyk5fjzq2lopkq5mb462gyju3kltzasojhjq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 3a463ba2de2c7e49bfc53e15d2a730d2dcf543ac0f3da36134da973c824e49d3

(this sample)

AgentTesla

Executable exe 6f019b52d40fa6975b85802c83264877db5c47493fd9bf9307f5fba0ef2393aa

  
Dropping
MD5 0cbafabea2a3a145175e87c57281b5cc
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6f019b52d40fa6975b85802c83264877db5c47493fd9bf9307f5fba0ef2393aa

Comments