MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aca29c4a11fe5746555b5fa1cbed22c9d108f2954386c4c7620b7fd2414c5737. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aca29c4a11fe5746555b5fa1cbed22c9d108f2954386c4c7620b7fd2414c5737
SHA3-384 hash: 28e23deea3de27af854926f5183ede4de510a9003d2cb03c632dfeff9967ca3b6e60340d19d5f629001c39f485b5ce24
SHA1 hash: e480ddecdd0c7282cb1c6800b472c4e3d5ecd33b
MD5 hash: 212c23fa4c3089236b7e737ea95a55ee
humanhash: chicken-eleven-leopard-oven
File name:PO-052020.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:355'278 bytes
First seen:2020-05-04 20:41:39 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:NaB3o0Te6yjCCt2SmWUNMdKfCLxh070WZd76iRhgAbpNVfr9KPEn0MHBEDKsh2s8:NaBY0Te6yjCfY9bLadmogKLKPMNHBt2W
TLSH 0F742351D90BFC99C51B67C707F0A250DBAF3D9ADD516EA7628B0ACB47E4C0BC0C2612
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 192-254-161-42.unifiedlayer.com
Sending IP: 192.254.161.42
From: Galil Zabari <notifications@linkedin.com>
Subject: Galil Zabari from Isreal has sent you an inquiry
Attachment: PO-052020.zip (contains "PO-052020.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 04:03:26 UTC
File Type:
Binary (Archive)
Extracted files:
15
AV detection:
16 of 48 (33.33%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vsrjysqr7zlumvk3l6q4x3jczhiqr4uviodmjr3cbn75eqkmk43q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip aca29c4a11fe5746555b5fa1cbed22c9d108f2954386c4c7620b7fd2414c5737

(this sample)

AgentTesla

Executable exe 44d51da64812814df13933cf1f241f6b63dcf05a5614d5eb692884084493102e

  
Dropping
MD5 8c2dba4fe65800f3c73d92344005091c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 44d51da64812814df13933cf1f241f6b63dcf05a5614d5eb692884084493102e

Comments