MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40963de95497e3d48c255382690a7d18ec1b6f0f2b9c62cdafc830862ca97f4b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 40963de95497e3d48c255382690a7d18ec1b6f0f2b9c62cdafc830862ca97f4b
SHA3-384 hash: d1375a06d5a2188d3df80a12dd54340c8eb11f879e3db4346ebcc07eadc727b3889f3d78f109940c5c1d4a2615bca91e
SHA1 hash: c1efd2de7f1c87d12b2cc735008f0475b5f6fec7
MD5 hash: 86ea2231c281e62531c25e4ac689f15e
humanhash: winner-low-mobile-hydrogen
File name: payment copy.zip
Signature: AgentTesla
File size: 416'206 bytes
First seen: 2020-06-24 05:47:53 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:3toU1tbNAUdK94IogOa7ufwzL+FZr4vUE:3td1tOx4IdSgyFCsE
TLSH: 83942350619C7C98DCB6BA48FC0FF34ABC31395E4E75C1A854CBC7DD9A516AAC9108F2
Reporter: abuse_ch
Tags: AgentTesla zip

abuse_ch
Malspam distributing AgentTesla:

HELO: server.o-g.me
Sending IP: 164.68.104.12
From: Jawaid Ahmed <m.ababneh@hosbanclearance.com>
Subject: payment copy shipment documents
Attachment: payment copy.zip (contains "payment copy.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587
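Triage helper, added here as a worked example; it is not part of the MalwareBazaar page or of abuse_ch's report. It takes the four digests listed above and the fact that the attachment is a zip wrapping "payment copy.exe", and shows how to (a) confirm that a file you are holding is the catalogued sample by recomputing every published digest, and (b) inspect the zip's members without extracting them, flagging executable extensions, double extensions and an MZ header. The zip it runs on is constructed in-line (a 64-byte fake PE stub under the real attachment name), so it is not the malware and deliberately fails the hash check; the extension list is a common-sense assumption, not something the entry states.

```python
import hashlib
import io
import zipfile

# Digests copied from the MalwareBazaar entry above.
PUBLISHED_HASHES = {
    "sha256": "40963de95497e3d48c255382690a7d18ec1b6f0f2b9c62cdafc830862ca97f4b",
    "sha1": "c1efd2de7f1c87d12b2cc735008f0475b5f6fec7",
    "md5": "86ea2231c281e62531c25e4ac689f15e",
    "sha3_384": "d1375a06d5a2188d3df80a12dd54340c8eb11f879e3db4346ebcc07eadc727b3889f3d78f109940c5c1d4a2615bca91e",
}

# Assumed triage list: extensions that should never arrive as "shipment documents".
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".dll", ".js", ".vbs",
                         ".bat", ".cmd", ".ps1", ".hta", ".jar", ".msi")


def hash_bytes(data):
    """Recompute the same four digests MalwareBazaar publishes for a sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_published(data, published=PUBLISHED_HASHES):
    """True only when every published digest matches; one mismatch means
    the bytes in hand are not the catalogued file."""
    computed = hash_bytes(data)
    return all(computed[name] == value.lower() for name, value in published.items())


def inspect_zip(data):
    """List the archive's members without extracting anything and flag the
    ones that look executable. Returns one dict per file member."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            base = name.rsplit("/", 1)[-1].lower()
            reasons = []
            if base.endswith(EXECUTABLE_EXTENSIONS):
                reasons.append("executable extension")
            # "invoice.pdf.exe"-style lures carry more than one extension.
            if base.count(".") >= 2:
                reasons.append("double extension")
            # Read only the first two bytes: a PE file starts with "MZ".
            with zf.open(info) as member:
                if member.read(2) == b"MZ":
                    reasons.append("MZ header")
            findings.append({
                "name": name,
                "size": info.file_size,
                "suspicious": bool(reasons),
                "reasons": reasons,
            })
    return findings


def build_zip(members):
    """Build an in-memory zip from {name: bytes}; used for constructed inputs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_constructed_sample():
    """Constructed stand-in for "payment copy.zip": a zip wrapping a 64-byte
    fake PE stub under the real attachment name. This is NOT the malware."""
    return build_zip({"payment copy.exe": b"MZ" + b"\x00" * 62})


if __name__ == "__main__":
    sample = build_constructed_sample()
    print("matches published digests:", matches_published(sample))
    for finding in inspect_zip(sample):
        print(finding)
```

To use it on a real download, pass the file's bytes to matches_published() and inspect_zip() instead of the constructed zip. Require all four digests to agree rather than MD5 or SHA-1 alone, since both of those are collision-prone; and keep the inspection read-only, as above, so nothing from the archive ever lands on disk during triage.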

Intelligence

File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-24 05:49:07 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Relationship: Malspam -> AgentTesla -> zip 40963de95497e3d48c255382690a7d18ec1b6f0f2b9c62cdafc830862ca97f4b (this sample) -> Dropping AgentTesla
Delivery method: Distributed via e-mail attachment

Comments