MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77ad2ab308efe933405b3e5fe3c4d2083060e33b3fd2befc73eca88eb83f59e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: 77ad2ab308efe933405b3e5fe3c4d2083060e33b3fd2befc73eca88eb83f59e7
SHA3-384 hash: 07cc2f6e15b4a9bd2bcbb50f3424fc417bd82bf8821df969f971d6fb5dbcec4ccf5fd4a392d573f74ae96ccdfd6ad266
SHA1 hash: ffef7a92500f60aedcd7aca14f44948aa07ba3f2
MD5 hash: f1c80be3a004d4d31a613f775f02cdff
humanhash: low-may-coffee-magnesium
File name: Enumerazione Metalsider - Ordine di febbraio 2020.zip
Signature: AgentTesla
File size: 285'264 bytes
First seen: 2020-05-27 11:42:47 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:rcNMoHACsr1WmmersaNvix0tZwkwVNh9bL5tNWowo:0MoHACO1WmmcXvXGLn5tIw
TLSH: FB5423744AC9F37492FB5598FA0C58B1F5A12AFC57F79816C12A71B2A86CD3E1833423
Reporter: abuse_ch
Tags: AgentTesla geo ITA zip


abuse_ch
Malspam distributing AgentTesla:

HELO: mail01.iglumedia.com
Sending IP: 84.246.210.161
From: Elena Nykyforova <Elena.Nykyforova@metalsider.it>
Subject: RE: [Ordine da febbraio 2020] Si prega di trattare come urgente
Attachment: Enumerazione Metalsider - Ordine di febbraio 2020.zip (contains "Enumerazione Metalsider - Ordine di febbraio 2020.exe")

AgentTesla FTP exfil server:
ftp.kultecivata.com.tr:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Razy
Status: Malicious
First seen: 2020-05-27 12:36:12 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 10 of 48 (20.83%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 77ad2ab308efe933405b3e5fe3c4d2083060e33b3fd2befc73eca88eb83f59e7 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
