MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9385ebb307a91583f99d2483bc9b06fd83c390fb8b199bb0be53a4ab0b8518d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 9385ebb307a91583f99d2483bc9b06fd83c390fb8b199bb0be53a4ab0b8518d0
SHA3-384 hash: 007c51fce9ecfb04f4e124bbd19c0a0d206632405a791039089220480115b196c4a2996243db0a00bbfe0427f4b663ff
SHA1 hash: 3877a6bee47d46ad10bc9cfe1581e6da5a60b9e0
MD5 hash: 5dbd33b00a767f9ad9e4369aa95dffd0
humanhash: lamp-carbon-montana-one
File name: Cesión de Créditos.gz
Signature: AgentTesla
File size: 403'100 bytes
First seen: 2020-05-12 09:24:09 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:W5AqCAV41zwry1zG62CiQxe9rzdc+znp4na5k0IL:W6OV8zUpTCc9vdFKa5UL
TLSH: 86842386C2AEEAFE0DBA51B3592BD4F2C2B77C46402BE4CA3754EF128C4D5730D456A1
Reporter: abuse_ch
Tags: AgentTesla, BBVA, ESP, geo, gz

abuse_ch
Malspam distributing AgentTesla:

HELO: vl20102.dns-privadas.es
Sending IP: 62.138.142.11
From: Confirmlng.bbva@bbva.com
Subject: BBVA-Confirming Cesión de Créditos
Attachment: Cesión de Créditos.gz (contains "Cesión de Créditos.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-12 09:36:44 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 30 of 48 (62.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
gz 9385ebb307a91583f99d2483bc9b06fd83c390fb8b199bb0be53a4ab0b8518d0 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment