MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52276bd85f5c189cf0cffdfc2b128c4e66e1fa955d2b5a040faa852061230cc9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 52276bd85f5c189cf0cffdfc2b128c4e66e1fa955d2b5a040faa852061230cc9
SHA3-384 hash: 8e745647194eb44e7ae04122eb7f1b5306e104bd4a9ac44ef0a7d5bb7404c29707e2340520f68e20b8256031d17d635f
SHA1 hash: c889b4bb5fbbae40e6b319b62084c2a76a74ebdd
MD5 hash: ed8700b53c311b266b8ceed23f91fa50
humanhash: failed-sierra-saturn-may
File name:ZIP.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:745'825 bytes
First seen:2021-04-06 08:13:40 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:uMM2Gd+2G3IeJPqnXq6jzFlcxYSkzF3Nc3qyRc7ToImwKL+zYKO9FtDYt924:Y2GHrWqnrzFlcubZbh9CP9FtDK924
TLSH BFF433C3A61DDC42392FC372B1E06038EE6C747C8F2E97F2F154AEA7615AD476929205
Reporter abuse_ch
Tags:zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: slot0.axxin.co
Sending IP: 185.121.120.163
From: postmaster@axxin.co
Subject: PO#98796427521
Attachment: ZIP.zip (contains "ZIP.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
107
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/52276bd85f5c189cf0cffdfc2b128c4e66e1fa955d2b5a040faa852061230cc9
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/52276bd85f5c189cf0cffdfc2b128c4e66e1fa955d2b5a040faa852061230cc9/
Threat name:
ByteCode-MSIL.Trojan.Taskun
Create hunting rule
Status:
Malicious
First seen:
2021-04-06 08:14:09 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kitwxwc7lqmjz4gp7x6cweumjztod6uvluvvubapvkcsayjdbteq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/52276bd85f5c189cf0cffdfc2b128c4e66e1fa955d2b5a040faa852061230cc9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 52276bd85f5c189cf0cffdfc2b128c4e66e1fa955d2b5a040faa852061230cc9

(this sample)

AgentTesla

Executable exe eed201f6b8c3196b4389e553c12dc2a298dbe1e6decefc94873a25560d71365c

  
Dropping
MD5 55b64c753f12b0c9b5b338dd52dbe3b2
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 eed201f6b8c3196b4389e553c12dc2a298dbe1e6decefc94873a25560d71365c

Comments