MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa3d1cebb7bfcfa4de14d62a5bc25b6db575bdb7eb8c3772b904bd3d734e4a5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa3d1cebb7bfcfa4de14d62a5bc25b6db575bdb7eb8c3772b904bd3d734e4a5d
SHA3-384 hash: 93f338de9dd315fc835817fa8a6d924d7cb6c8b8de7972acb22ce8852cb771c839637feaf6e70912180c93c9009e03a3
SHA1 hash: e5b059fb672d98ed727a6c0a9b9f8df69606c330
MD5 hash: 3a0126ae46a038794dc2dde72092b9ec
humanhash: alaska-network-uranus-blossom
File name:78493 list.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:271'082 bytes
First seen:2020-05-22 14:59:54 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:tLOUiV2gv8o9riiePfkV8CRQQI/LFTgc9b8SU87uAW9Rv:4Ui4G8e7eUVFkFTRPUtrj
TLSH F944234B714F3459857CD029662F9204B584E23AF462E9EFDB03FC69C4779FC798902A
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gateway36.websitewelcome.com
Sending IP: 192.185.199.121
From: info@styloharness.com
Subject: Product Inquiry
Attachment: 78493 list.zip (contains "78493 list.exe")

AgentTesla SMTP exfil server:
premium49.web-hosting.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VZM.26428.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 15:35:58 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
25 of 48 (52.08%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip aa3d1cebb7bfcfa4de14d62a5bc25b6db575bdb7eb8c3772b904bd3d734e4a5d

(this sample)

AgentTesla

Executable exe 478e251a7e2ffa430c227bd864455173c2c5e2e0560170d4edeff7966a31dba4

  
Dropping
MD5 b966813c0de84b9f7ad7f76084b01d98
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 478e251a7e2ffa430c227bd864455173c2c5e2e0560170d4edeff7966a31dba4

Comments