MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5bf4be159ca020964bd43e59c16e37a47adaa7e53b14c9226398915859cd43da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: 5bf4be159ca020964bd43e59c16e37a47adaa7e53b14c9226398915859cd43da
SHA3-384 hash: 314a03fde8fa51ffbc2a88e2ffee568e57b1f38325944e36f4961da4b044074ac58cbdc6158655ad9e2fa9be3aa01b46
SHA1 hash: ee216984f189f87e4baf1e3b06ed0af765d43233
MD5 hash: 7b5135d8897df395ec3967c9b8a8bb85
humanhash: missouri-shade-chicken-enemy
File name: QUOTE 2586 17 _FLORIDA.IMG
Signature: AgentTesla
File size: 1'245'184 bytes
First seen: 2020-05-12 16:32:50 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:P9usv5iEkCjDKdRdXT+z9Lwb7qetAPyC5FLyKo2R/FElG:1ukiXKOD+zS3xC9ou+
TLSH: B7457C2323B446A2FB75B0FB9C5C6E10D134DEFF8881F94D2B6178671768261E17392A
Reporter: abuse_ch
Tags: AgentTesla img


abuse_ch
Malspam distributing AgentTesla:

HELO: qualifyenterprise.com
Sending IP: 103.133.111.162
From: Priscilla Paradiso <kferreira@qualifyenterprise.com>
Subject: FWD: QUOTE 2586/17 _FLORIDA (Supply)
Attachment: QUOTE 2586 17 _FLORIDA.IMG (contains "PO-838372.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-12 16:36:56 UTC
AV detection: 16 of 31 (51.61%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla, img 5bf4be159ca020964bd43e59c16e37a47adaa7e53b14c9226398915859cd43da (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
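Added example (not MalwareBazaar's code, not the reporter's, and not the sample itself): a small Python triage helper for an attachment like this one. It compares a file's digests against the four IOC hashes listed above and, because the MIME type is application/x-iso9660-image, walks the ISO 9660 root directory to list embedded files and flag those that are executable by extension or by an MZ header (the reporter notes the IMG carries "PO-838372.exe"). The disk image it builds, the NOTES.TXT decoy inside it and the extension deny-list are constructed assumptions for the demo; the sample's real bytes are not included, so matches_known_sample() returns False on the demo image.

```python
"""Triage helper for an ISO 9660 (.img / .iso) e-mail attachment.
Added example; not MalwareBazaar's code. build_demo_image() is CONSTRUCTED."""
import hashlib
import struct

SECTOR = 2048  # ISO 9660 logical block size

# Digests copied from the MalwareBazaar entry above (real IOCs for the sample).
KNOWN_SAMPLE = {
    "md5": "7b5135d8897df395ec3967c9b8a8bb85",
    "sha1": "ee216984f189f87e4baf1e3b06ed0af765d43233",
    "sha256": "5bf4be159ca020964bd43e59c16e37a47adaa7e53b14c9226398915859cd43da",
    "sha3_384": "314a03fde8fa51ffbc2a88e2ffee568e57b1f38325944e36f4961da4b044074ac58cbdc6158655ad9e2fa9be3aa01b46",
}

# Assumed deny-list: file types that should never ride inside a mailed disk image.
EXEC_EXTENSIONS = {"exe", "scr", "com", "pif", "dll", "bat", "cmd", "js", "vbs", "hta", "lnk", "msi", "ps1"}


def ioc_hashes(data: bytes) -> dict:
    """Compute the same four digests MalwareBazaar lists for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_known_sample(data: bytes) -> bool:
    """True only if all four digests equal the entry above."""
    return ioc_hashes(data) == KNOWN_SAMPLE


def _dir_record(ident: bytes, lba: int, size: int, is_dir: bool) -> bytes:
    """Serialise one ISO 9660 directory record (ECMA-119 9.1); used only to build the demo image."""
    body = (
        struct.pack("<I", lba) + struct.pack(">I", lba)      # extent location, both-endian
        + struct.pack("<I", size) + struct.pack(">I", size)  # data length, both-endian
        + bytes(7)                                           # recording date/time (zeroed)
        + bytes([0x02 if is_dir else 0x00])                  # file flags: bit 1 = directory
        + bytes(2)                                           # file unit size, interleave gap
        + struct.pack("<H", 1) + struct.pack(">H", 1)        # volume sequence number
        + bytes([len(ident)]) + ident                        # identifier length + identifier
    )
    rec = bytes([0, 0]) + body                               # byte 0 = record length, byte 1 = ext-attr length
    if len(rec) % 2:
        rec += b"\x00"                                       # records are padded to an even length
    return bytes([len(rec)]) + rec[1:]


def build_demo_image() -> bytes:
    """CONSTRUCTED image: an MZ stub named like the reporter's payload plus a harmless text decoy."""
    files = [(b"PO-838372.EXE;1", b"MZ" + b"\x90" * 62),
             (b"NOTES.TXT;1", b"Please see attached quote.\n")]
    root_lba, first_file_lba = 18, 19
    root = _dir_record(b"\x00", root_lba, SECTOR, True) + _dir_record(b"\x01", root_lba, SECTOR, True)
    sectors = {}
    for i, (name, content) in enumerate(files):
        root += _dir_record(name, first_file_lba + i, len(content), False)
        sectors[first_file_lba + i] = content
    sectors[root_lba] = root
    pvd = bytes([1]) + b"CD001" + bytes([1]) + bytes(149)   # type 1, "CD001", version; fields up to byte 156
    pvd += _dir_record(b"\x00", root_lba, SECTOR, True)     # root directory record sits at PVD offset 156
    sectors[16] = pvd                                       # primary volume descriptor is always sector 16
    sectors[17] = bytes([255]) + b"CD001" + bytes([1])      # volume descriptor set terminator
    image = bytearray(SECTOR * (first_file_lba + len(files)))
    for lba, data in sectors.items():
        image[lba * SECTOR: lba * SECTOR + len(data)] = data
    return bytes(image)


def list_iso_entries(image: bytes) -> list:
    """Walk the root directory; returns (name, lba, size, is_dir) per entry, ';1' version suffix stripped."""
    pvd = image[16 * SECTOR: 17 * SECTOR]
    if len(pvd) < 190 or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    root = pvd[156:190]
    lba = struct.unpack_from("<I", root, 2)[0]
    size = struct.unpack_from("<I", root, 10)[0]
    data = image[lba * SECTOR: lba * SECTOR + size]
    entries, off = [], 0
    while off < len(data):
        rec_len = data[off]
        if rec_len == 0:                             # zero = sector padding; records never straddle sectors
            off = (off // SECTOR + 1) * SECTOR
            continue
        rec = data[off: off + rec_len]
        off += rec_len
        ident = rec[33: 33 + rec[32]]
        if ident in (b"\x00", b"\x01"):              # "." and ".." entries
            continue
        name = ident.decode("ascii", "replace").split(";")[0]
        entries.append((name, struct.unpack_from("<I", rec, 2)[0],
                        struct.unpack_from("<I", rec, 10)[0], bool(rec[25] & 0x02)))
    return entries


def flag_suspicious(image: bytes) -> list:
    """Names of embedded files that are executable by extension or carry an MZ header under any name."""
    flagged = []
    for name, lba, _size, is_dir in list_iso_entries(image):
        if is_dir:
            continue
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in EXEC_EXTENSIONS or image[lba * SECTOR: lba * SECTOR + 2] == b"MZ":
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    img = build_demo_image()
    print("matches the MalwareBazaar sample:", matches_known_sample(img))
    for name, _, size, _ in list_iso_entries(img):
        print(f"  {name:<16} {size:>6} bytes")
    print("flagged:", flag_suspicious(img))
```

Point the same functions at a real attachment by reading its bytes instead of calling build_demo_image(); a full matches_known_sample() hit confirms this exact sample, while flag_suspicious() catches the delivery trick itself (an executable hidden in a mounted disk image) even for samples whose hashes are not yet in the database. Only the root directory is walked; a production gateway would recurse into subdirectories.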

Comments