MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 679c595f14a5b4613e163f1151f9b8f31506a442acf8cf9b3380559e8c85a476. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 679c595f14a5b4613e163f1151f9b8f31506a442acf8cf9b3380559e8c85a476
SHA3-384 hash: e5936dc12b7fe442ff1aec7bbbd966edb2973b0f2821002968da7a0e4f33d7290758fdae68cdb19b0e60a9ec16a1197b
SHA1 hash: 4144c7782bda32fe268570027073fa143db32661
MD5 hash: 3d270b858b9c00e77f0c6a80fcd369c8
humanhash: network-uncle-william-oklahoma
File name:LPO NO-77198.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:532'053 bytes
First seen:2020-08-11 10:52:42 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:4xsv6c5HVqsQNNpbB+RA+CqoXWFu9Ybf1bU:qY6OVqbrpbB+Tzu25g
TLSH 33B423D6F21F1D0044F01C74698D97E8D6C846D240D1C6A9D6ADCCAADA9EECCF8D392E
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: kksecurity.com
Sending IP: 103.133.104.130
From: Kenya Kazi Services Ltd. <kkbilling@kksecurity.com>
Reply-To: Kenya Kazi Services Ltd. <kkbilling@kksecurity.com>
Subject: OUR LPO NO.77198
Attachment: LPO NO-77198.rar (contains "LPO NO-77198.exe")

AgentTesla SMTP exfil server:
mail.skyplanaircargoservicesltd.co.ke:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/679c595f14a5b4613e163f1151f9b8f31506a442acf8cf9b3380559e8c85a476/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-11 09:58:27 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=m6ofsxyuuw2gcpqwh4ivd6ny6mkqnjccvt4m7gztqbkz5defur3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/679c595f14a5b4613e163f1151f9b8f31506a442acf8cf9b3380559e8c85a476

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 679c595f14a5b4613e163f1151f9b8f31506a442acf8cf9b3380559e8c85a476

(this sample)

AgentTesla

Executable exe a6fe2e076b4643ad2007fcc68d8d1cfb45600173641df048875fc9cec0f1bc72

  
Dropping
MD5 fb028823f36670b81d421823f572361b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a6fe2e076b4643ad2007fcc68d8d1cfb45600173641df048875fc9cec0f1bc72

Comments