MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 43085437a2fcc42cbc228b21d9cbacdc43bd09935f0af48c08631f131bbd8906. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 43085437a2fcc42cbc228b21d9cbacdc43bd09935f0af48c08631f131bbd8906
SHA3-384 hash: 164364990e5f46c047d7c7c7adac499a6fe56e2439ad313ee0406602cb189ea9704250a57c8d2851f33a458c982fbd5c
SHA1 hash: 4e0be5fcb4b1a3e5d0a7f765405ffd5a801dbb31
MD5 hash: 07aefb6a076dacdce4d177e08e24bbd6
humanhash: north-green-floor-foxtrot
File name:Prompt 190520.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:398'909 bytes
First seen:2020-05-19 09:51:19 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:Kxni/WZaYuF+8WqChavudpFJTiWIQlfRvy:K5iOZaYuA8WXhaoZIcy
TLSH 658423B806A67A0B7BF122FB34CED797340FD4C2205BE04BD2C95EB0E5298D99A75449
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: saranaprimelestari.com
Sending IP: 209.58.149.66
From: Trikora Ibnu <sale@saranaprimelestari.com>
Subject: Request For Quotation
Attachment: Prompt 190520.zip (contains "Prompt 190520.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 10:35:42 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
19 of 48 (39.58%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=imefin5c7tcczpbcrmq5ts5m3rb32cmtl4fpjdaimmprgg55reda._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 43085437a2fcc42cbc228b21d9cbacdc43bd09935f0af48c08631f131bbd8906

(this sample)

AgentTesla

Executable exe 93530061a5471c3924101d67487ae9bb3e7bba6417942b2b75186ccbdc7c52bc

  
Dropping
MD5 b41412844e0fc9a59bd4324f99415aec
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 93530061a5471c3924101d67487ae9bb3e7bba6417942b2b75186ccbdc7c52bc

Comments