MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d5c0f8108fb9dea496c4ecb93dae7878dce816756b889ef197491848513dfbf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3d5c0f8108fb9dea496c4ecb93dae7878dce816756b889ef197491848513dfbf
SHA3-384 hash: b5d0a0abd45788e15295c40c58af837e5b268ab1c809c4a73016334905c8da6c2412e326b8a8325e391eae69346a0a0c
SHA1 hash: 788747cda08ba8aaeaefc43d6aa237960e0ca539
MD5 hash: ee3228ed165179f3cee0e597724e6c54
humanhash: johnny-michigan-crazy-missouri
File name:PROOF OF PAYMENT.UUE
Download: download sample
Signature AgentTesla
Create hunting rule
File size:478'745 bytes
First seen:2020-08-18 08:51:54 UTC
Last seen:Never
File type: uue
MIME type:application/x-rar
ssdeep 12288:ZyRqUFOTcjRivDWD9HgAWRtceypGF8XzVkYHWOVBb12AtNR:QDcc9ivDQheuzVkcx9DR
TLSH C4A42376351D1D24FC303541BE8DFBB3E28EA8F29CB54ABF3EA7096A54085502B14AE0
Reporter abuse_ch
Tags:AgentTesla uue


Avatar
abuse_ch
Malspam distributing AgentTesla:

From: Shawn <cafe@skatetown-roseville.com>
Reply-To: <shawnggd@gmail.com>
Subject: Proof Of Payment
Attachment: PROOF OF PAYMENT.UUE (contains "PROOF OF PAYMENT.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
57
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3d5c0f8108fb9dea496c4ecb93dae7878dce816756b889ef197491848513dfbf/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 08:53:05 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hvoa7aii7oo6uslmj3fzhwxhq6g45alhk24it3yzosiyjbit367q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

uue 3d5c0f8108fb9dea496c4ecb93dae7878dce816756b889ef197491848513dfbf

(this sample)

AgentTesla

Executable exe 2119e2edacd5fd8a85697a8f271f328c2337ce04fb86d9aa6c38007bf78a0ce4

  
Dropping
MD5 89f884a7f504cdb9981f40e84f67a874
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2119e2edacd5fd8a85697a8f271f328c2337ce04fb86d9aa6c38007bf78a0ce4

Comments