MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a17e3b3257f5ba1397927a6704a83513f41eecfea2c6b653b7a34e9a0ce15ae3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: a17e3b3257f5ba1397927a6704a83513f41eecfea2c6b653b7a34e9a0ce15ae3
SHA3-384 hash: f6043ddf125a6773ec4dbf52f9ec8360d97743f7687f29f7a17f905e9e97fd34fbb886b91d6ec3c7454c5b018bfc1aba
SHA1 hash: e352240d782e19a5999b0a5ed082e5cfadffce8c
MD5 hash: 8cc78267bd2feb23673b102dcd41c888
humanhash: texas-montana-lima-mountain
File name: SWIFT DOC _679388 TT 190617_2019-NLCIV000003576_ES146009_30309679.z
Signature: AgentTesla
File size: 411'672 bytes
First seen: 2020-06-04 06:32:56 UTC
Last seen: 2020-06-04 11:55:54 UTC
File type: z
MIME type: application/x-rar
ssdeep: 12288:g8b95m7zy3X5Jvmd7Yk3ThkYqgDjTu4z+xs:Tc7GnvvRITxqAT33
TLSH: B694237E36E090720F35F6AF670DE2899D81BA294E73C11D85A69F9C183A5F4037C99C
Reporter: abuse_ch
Tags: AgentTesla, z


abuse_ch
Malspam distributing AgentTesla:

HELO: lasfragancias.com
Sending IP: 200.110.77.218
From: bilig@vakifleasing.com.tr <fpolicentro@lasfragancias.com>
Subject: AW: Swift
Attachment: SWIFT DOC _679388 TT 190617_2019-NLCIV000003576_ES146009_30309679.z (contains "SWIFT DOC _679388 TT 190617_2019-NLCIV000003576_ES146009_30309679.exe")

AgentTesla FTP exfil server:
ftp.connectus-trade.net:21

Intelligence


File Origin
# of uploads: 2
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-04 03:56:58 UTC
AV detection: 15 of 31 (48.39%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z a17e3b3257f5ba1397927a6704a83513f41eecfea2c6b653b7a34e9a0ce15ae3

(this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
