MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 69b2552fa3ca966b5eb3523e47e354b60b263c923c936ae2e77b03d470f5ef38. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 69b2552fa3ca966b5eb3523e47e354b60b263c923c936ae2e77b03d470f5ef38
SHA3-384 hash: a230ee64ec06e899e98f232b11c50350be33e4175040b999ee870c21fbe67794b9637b5299921f2fb9752b320f524806
SHA1 hash: 5152b7eb0970618350271da74d595d9ffe197344
MD5 hash: 8461a6bc219d58638ce666377547b9ee
humanhash: double-sink-one-bluebird
File name:Swift.pdf.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:388'498 bytes
First seen:2020-05-27 06:59:52 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:VuirAx7swi/Utwt1YHD2iGl2ey15mGP78puvgRGm7d09hYlYU5aj5wUfnp+L2Cq/:kirAkDt1WD29Ip11PIwIvlYU5aj51ubu
TLSH 6C84233A26360E235DFC2EF5CD369688D01EC27B53F91C51BCA27902C79999DC316B46
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: cosmodt.com
Sending IP: 185.126.202.96
From: ZOE SHI <nancy.yang@cosmodt.com>
Subject: RE: 材料出貨-優盛
Attachment: Swift.pdf.zip (contains "Swift.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.gc.2412.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 07:15:34 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
14 of 31 (45.16%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 69b2552fa3ca966b5eb3523e47e354b60b263c923c936ae2e77b03d470f5ef38

(this sample)

AgentTesla

Executable exe 345eea8453a5fd5cd1a5aa11865ef59c187a30b61bf221c2d6276f0f8f4c907c

  
Dropping
MD5 9ec451a121e3d160ae56f7827d6a0819
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 345eea8453a5fd5cd1a5aa11865ef59c187a30b61bf221c2d6276f0f8f4c907c

Comments