MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 720c6384bb40877e28a100633b26155a04c79db0995da1ed25007250981fc37e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 720c6384bb40877e28a100633b26155a04c79db0995da1ed25007250981fc37e
SHA3-384 hash: 9d5995316fc249062ad42e1ea0793364a7914e9a9c7a2f2ccf10e6ff30d1e865c54ba713abdf2fa58564020571362ad2
SHA1 hash: d4f40ba3a106c9490db675b504e810bd749f9a6b
MD5 hash: af71217bdb01af7908c20f0828925557
humanhash: nine-red-iowa-eleven
File name:Drawings_P.O Spec, HALLEY.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:366'083 bytes
First seen:2020-05-12 07:16:23 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:OjRE4QtICVl9UESQ1eChtVGXg39X0O4wjyTEiwthr3/I2pFocPlRc:6jXCjmtQ1eChag1544yYi+hs2Do+Rc
TLSH 387423AE4022F98F45D313F64B58A2123DE9A08D35998851539A63F4F2CD4866DF3DFC
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: pdlc34160.ciberserver.com
Sending IP: 176.221.34.160
From: Radu DOBRE <radu@halleycables.com>
Subject: New Order - P.O HALLEY PROJECT// CONTACT US
Attachment: Drawings_P.O Spec, HALLEY.zip (contains "Drawings_P.O & Spec, HALLEY.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 07:35:43 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
30 of 48 (62.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=oigghbf3icdx4kfbabrtwjqvlicmphnqtfo2d3jfabzfbga7yn7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 720c6384bb40877e28a100633b26155a04c79db0995da1ed25007250981fc37e

(this sample)

AgentTesla

Executable exe cc8ced87461f345694c927ccd2e09c93ac5522d63940f4fdfa2e36dd13286a6f

  
Dropping
MD5 a6ccbff3457b4519c8c46b14faa9c977
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cc8ced87461f345694c927ccd2e09c93ac5522d63940f4fdfa2e36dd13286a6f

Comments