MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f59b54c6783ac0f6b9e15dd03166767fdcf5735d91839d493263e7cae37ceb8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5f59b54c6783ac0f6b9e15dd03166767fdcf5735d91839d493263e7cae37ceb8
SHA3-384 hash: bdb63f811efb3d63c4a87418f4c35c716350f4a9ec6baeb431cdaab95d79e4090ca5865463f7ee1308f4e34419c13c0b
SHA1 hash: 0a8b82a5a0f000dfd1d8018c4e3ab25e914bac95
MD5 hash: 75b29499aa3b14a09cb657c0b77d7d3d
humanhash: red-cola-london-blue
File name:PO4500005392.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:548'418 bytes
First seen:2020-05-05 11:07:41 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:XCRU2Nsq+bzguDzRmZX7BCQHncInUCJh3NiCHygtju4:SRdsqm0uJyrB9HcHCJhdiQhV
TLSH DDC423864293CFAB9C4B73B3C12DA53404BE675386498D72B6AD56D3A4C63F788CD18C
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sonic306-19.consmr.mail.gq1.yahoo.com
Sending IP: 98.137.68.82
From: Kum Wai Leng <waileng.kum@huationg.com.au.ms>
Subject: PO4500005392 Sheet 2020
Attachment: PO4500005392.gz (contains "PO4500005392.exe")

AgentTesla SMTP exfil server:
smtp.mail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.EJWW.9741.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 11:36:57 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
22 of 48 (45.83%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=l5m3ktdhqowa6246cxoqgfthm7646vzv3emdtvetey7hzlrxz24a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 5f59b54c6783ac0f6b9e15dd03166767fdcf5735d91839d493263e7cae37ceb8

(this sample)

AgentTesla

Executable exe 102ac6c0d193add286a4339d2e63b2d43733d26364df195ecb942c7ae3fb8bfd

  
Dropping
MD5 0529a70c7d01908f3fe58e62a67dd559
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 102ac6c0d193add286a4339d2e63b2d43733d26364df195ecb942c7ae3fb8bfd

Comments