MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a5a9e05bc0d7b9e979666734ebc1c66acad3c58d1640614ccf38346499e3b36. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7a5a9e05bc0d7b9e979666734ebc1c66acad3c58d1640614ccf38346499e3b36
SHA3-384 hash: a3f3e1d2c454c505190b20235538160e632e94faf0625a34bc052c9b42d323e8019dc42f686506fa09d9b9f60ce1dee8
SHA1 hash: e258343f4ad755bf492ffecf76a3157ba0515053
MD5 hash: 5ef232e41d43a8e36acba4387426d32c
humanhash: violet-nineteen-seven-cardinal
File name:REVISED INVOIVE.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:419'231 bytes
First seen:2020-05-26 08:20:23 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:jvemz6eShF6OUzLSPRl0fZAHr65cD5MNnHUVo5aCmB/LUkLUJsNU8SaGF0wuzvE6:jmFtUzL/ZAHkm0Zm8ssaGJugCz7ckB
TLSH 2894235C54AC1E9076B06FB0DE3118C9D5FBD88BC40DA89229076641ABEEBFACDC543D
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.sgbcg.com
Sending IP: 113.11.251.241
From: Sales <rabih@emirates.net.ae>
Subject: Re: REVISED PROFORMA INVOICE
Attachment: REVISED INVOIVE.zip (contains "REVISED INVOIVE.exe")

AgentTesla SMTP exfil server:
protectorfiresafety.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WBA.13159.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 08:36:58 UTC
AV detection:
23 of 48 (47.92%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 7a5a9e05bc0d7b9e979666734ebc1c66acad3c58d1640614ccf38346499e3b36

(this sample)

AgentTesla

Executable exe 0fc69a331beb9b0659e9d4721c885c82f94659f51495666b7d1d7f5de6ba5054

  
Dropping
MD5 d3af95eb473b2b8a07df7579e6e4f40b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0fc69a331beb9b0659e9d4721c885c82f94659f51495666b7d1d7f5de6ba5054

Comments