MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 416e82ebe29ed83f921bb3bb2c95802a9fa3ca0ed8ca49f4130e6b136208b439. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 416e82ebe29ed83f921bb3bb2c95802a9fa3ca0ed8ca49f4130e6b136208b439
SHA3-384 hash: ce732f9c8bfd7bc87db5dd9e307453441d5bc332c7b967d15bd1eff9aa10f638281c5b51148520f75a0e4c1e9fbdc7ed
SHA1 hash: 8e1e691876d68202c91cc0f6d737da8686f396a5
MD5 hash: ab21ae80702264d40feaf11693a3253b
humanhash: texas-montana-grey-mango
File name: HS1-1909260019.zip
Signature: AgentTesla
File size: 431'822 bytes
First seen: 2020-06-30 05:26:15 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:lGfy0YLmg9qkTo+WcnmKb8FqN8XrcuksjnGmeDyno:IMLV9rZWsAF484uDjG1D9
TLSH: 789423AC4BC306D4F2D75E69EAD5165FDA060E9153843C2D0E25D37323A9EAB833C5B4
Reporter: @abuse_ch
Tags: AgentTesla zip


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: pr6.mail2000.com.tw
Sending IP: 210.242.150.187
From: mkt <mkt@tb-speaker.com>
Reply-To: mkt <mkt@tb-speaker.com>
Subject: Re: new order No.305930960MN
Attachment: HS1-1909260019.zip (contains "HS1-1909260019.exe")

AgentTesla SMTP exfil server:
mail.cabseal.com:587

AgentTesla SMTP exfil email address:
goodluckoffice@yandex.com

Intelligence


File Origin
# of uploads: 1
# of downloads: 33
Origin country: US

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-30 05:27:05 UTC
AV detection: 24 of 48 (50.00%)
Threat level: 2/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    zip 416e82ebe29ed83f921bb3bb2c95802a9fa3ca0ed8ca49f4130e6b136208b439 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments