MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a00115f4a9e20f6f982db8332779ccd02a8dbf9bb1db45e54a21d374b24cf3b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a00115f4a9e20f6f982db8332779ccd02a8dbf9bb1db45e54a21d374b24cf3b4
SHA3-384 hash: bfdf2222d354e885ce763fe721c09a8564e534f04938b026351c3f94a5c13e7b3b5fd2f235b7153107870f147ee28bcf
SHA1 hash: 0302647ffb10134335740017bba74894a31a5a6e
MD5 hash: fbcd0cb9ece0628d818cfbea031d7fe3
humanhash: johnny-london-floor-lake
File name:Statement of Account.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:391'612 bytes
First seen:2020-06-04 12:42:59 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:+6/0MfhjFsUtcZsXANoo84dNEUED4K9Lyde2IqSJERafEFOh/F+Sz2a:R0MpjFrimIXdalCdeFu0httqa
TLSH 728423583DA72C3C699E8EC53CDBA6AD7ED1E05914340C1E22A2F79E015E143366ACDF
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: joister.net
Sending IP: 103.2.236.240
From: msosupport@bd.nilorn.com
Reply-To: msosupport@bd.nilorn.com
Subject: Overview of Unpaid invoices - Statement of Account May 2020
Attachment: Statement of Account.zip (contains "Statement of Account.exe")

AgentTesla SMTP exfil server:
mail.haden-tours.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 13:36:37 UTC
AV detection:
11 of 48 (22.92%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=uaarl5fj4ihw7gbnxazso6om2avi3p43whnulzkkehjxjmsm6o2a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip a00115f4a9e20f6f982db8332779ccd02a8dbf9bb1db45e54a21d374b24cf3b4

(this sample)

AgentTesla

Executable exe 9a813db555b2a251a1068f50b1b02d642bb570337058f7f3a7028cafccbe1f54

  
Dropping
MD5 3ee58a720e88f477d6f817c44aa7c47b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9a813db555b2a251a1068f50b1b02d642bb570337058f7f3a7028cafccbe1f54

Comments