MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 516da7aa09c46c6b58ec334c3d1210799810d70ddcd89e5670cdba1235bf36ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 516da7aa09c46c6b58ec334c3d1210799810d70ddcd89e5670cdba1235bf36ae
SHA3-384 hash: 207c40b67b15059d81f6fe57e8e0503a3133bb96261465817f691b3527e0291968efb644f775d948eec95fdee77e12b9
SHA1 hash: b8923348234a22625093d4dea745fb9cf6c4efe8
MD5 hash: 149de1c04009594f1af6b59cf5095878
humanhash: xray-mississippi-north-april
File name: Clientsdetailsandflightdetails.zip
Signature: AgentTesla
File size: 542'457 bytes
First seen: 2021-01-15 15:54:19 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:KJUJthBgU4neLgMO5jENfSvz71W0WbfxWKu:KJSrV4neUMO5I5SvtZQZWKu
TLSH: 00B43348416048619C8E7E83819F9EEC364C924618F68739ACA73FBE50DDD0957CB3FA
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: secure.zrl.com.zm
Sending IP: 216.194.164.118
From: Travel World Group.es <mariam@travelworlwild.com>
Subject: QUOTATION 16 PEOPLE - 3 NIGHTS 28-31 MARCH 2021
Attachment: Clientsdetailsandflightdetails.zip (contains "Clientsdetailsandflightdetails.exe")

AgentTesla SMTP exfil server:
mail.royalhotelapartmentet.com:587
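The malspam above delivers a zip whose only member is a Windows executable. The following is an added example, not MalwareBazaar or abuse.ch code, of how a mail-gateway triage step can catch that pattern: parse the .eml, hash every zip attachment against a SHA256 watchlist (here the hash published on this page), open the archive, and flag members that carry a PE "MZ" signature or an executable extension. The .eml, the recipient address, the Received header and the "executable" inside the zip are all constructed for the example; the inner file is an inert stub that only begins with the two PE magic bytes and is not AgentTesla.

```python
"""Triage an e-mail for zip attachments that wrap a PE executable.

Added example; the message and its attachment are constructed stand-ins
for the malspam described on this page, not real sample data.
"""
import email
import hashlib
import io
import zipfile
from email import policy
from email.message import EmailMessage

PE_MAGIC = b"MZ"
EXEC_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".dll")

# Watchlist seeded with the SHA256 published for this MalwareBazaar entry.
KNOWN_BAD_SHA256 = {
    "516da7aa09c46c6b58ec334c3d1210799810d70ddcd89e5670cdba1235bf36ae",
}


def build_sample_eml() -> bytes:
    """Construct a stand-in for the malspam (constructed data, harmless stub)."""
    stub_exe = PE_MAGIC + b"\x00" * 62 + b"STUB-NOT-A-REAL-BINARY"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Clientsdetailsandflightdetails.exe", stub_exe)
    zip_bytes = buf.getvalue()

    msg = EmailMessage()
    msg["From"] = "Travel World Group.es <mariam@travelworlwild.com>"
    msg["To"] = "victim@example.invalid"  # assumed recipient
    msg["Subject"] = "QUOTATION 16 PEOPLE - 3 NIGHTS 28-31 MARCH 2021"
    # Constructed Received line carrying the HELO name and sending IP above.
    msg["Received"] = "from secure.zrl.com.zm ([216.194.164.118]) by mx.example.invalid"
    msg.set_content("Please find attached the client and flight details.")
    msg.add_attachment(zip_bytes, maintype="application", subtype="zip",
                       filename="Clientsdetailsandflightdetails.zip")
    return msg.as_bytes()


def triage_eml(raw: bytes) -> dict:
    """Return sender metadata plus hashes, members and a verdict per zip attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {
        "from": msg["From"],
        "subject": msg["Subject"],
        "received": [str(h) for h in msg.get_all("Received", [])],
        "attachments": [],
    }
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        payload = part.get_payload(decode=True)
        att = {
            "filename": name,
            "size": len(payload),
            "sha256": hashlib.sha256(payload).hexdigest(),
            "sha1": hashlib.sha1(payload).hexdigest(),
            "md5": hashlib.md5(payload).hexdigest(),
            "members": [],
            "pe_members": [],
        }
        att["known_bad"] = att["sha256"] in KNOWN_BAD_SHA256
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for info in zf.infolist():
                    att["members"].append(info.filename)
                    # Read only two bytes per member: enough for the MZ check,
                    # and an oversized (zip-bomb style) member stays unread.
                    with zf.open(info) as fh:
                        head = fh.read(2)
                    by_ext = info.filename.lower().endswith(EXEC_EXTENSIONS)
                    if head == PE_MAGIC or by_ext:
                        att["pe_members"].append(info.filename)
        except zipfile.BadZipFile:
            att["members"].append("<unreadable zip>")
        att["verdict"] = "block" if (att["pe_members"] or att["known_bad"]) else "allow"
        findings["attachments"].append(att)
    return findings


if __name__ == "__main__":
    result = triage_eml(build_sample_eml())
    for att in result["attachments"]:
        print(att["filename"], att["verdict"], att["pe_members"], att["sha256"])
```

The MZ check is deliberately content-based rather than extension-based alone, because a renamed executable inside an archive still starts with the same two bytes; the extension list only adds a second chance for members the sandbox would run anyway. The hashes of the constructed zip will not match the watchlist entry from this page, so the block verdict here comes from the PE member, not the hash; on a real gateway both paths feed the same decision.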

Intelligence


File Origin
# of uploads: 1
# of downloads: 195
Origin country: n/a
Vendor Threat Intelligence
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-01-15 15:55:11 UTC
AV detection: 7 of 46 (15.22%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip 516da7aa09c46c6b58ec334c3d1210799810d70ddcd89e5670cdba1235bf36ae (this sample)
  Dropping AgentTesla
Delivery method: Distributed via e-mail attachment

Comments