MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be7f87d32499d22975c499c4589c65fc582b7e0e063a1aebd5335c676d32b804. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla

Vendor detections: 2

SHA256 hash: be7f87d32499d22975c499c4589c65fc582b7e0e063a1aebd5335c676d32b804
SHA3-384 hash: ba5915a8534fb14c8877c8c1a537145a77bc823f90488fe96ad5109917d09fbafd7c7976e1a10a9b7bad9d7f1f4cf0a7
SHA1 hash: 8db2f75d949211f36e12476138ecbfac49594a3b
MD5 hash: 135ddbbcbfa83b1d64d8366c26a3f124
humanhash: stairway-pluto-solar-emma
File name: USD SWIFT _SCAN TT 190617_2019-NLCIV000003576_ES146009_30309679.z
Signature: AgentTesla
File size: 401'409 bytes
First seen: 2020-05-24 12:39:20 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:XUJ/PiCE7DhzHbetb+is88XhH7K9T8/Pfz9OJkXcrk/z3DhU2O/aAkhiTQF8nDv6:aP07DhHw6lRH7KOHfzYksY2zMiDvHa
TLSH: D98423C622EBE7D15C0E60AD79BC91F9BA0D38D34B711C42D99B61A3825EBF04B46B44
Reporter: abuse_ch
Tags: AgentTesla z


abuse_ch
Malspam distributing AgentTesla:

HELO: lasfragancias.com
Sending IP: 200.110.77.218
From: Vakifleasing <info@barbieri-belts.com>
Subject: AW: swift
Attachment: USD SWIFT _SCAN TT 190617_2019-NLCIV000003576_ES146009_30309679.z (contains "USD SWIFT _SCAN TT 190617_2019-NLCIV000003576_ES146009_30309679.exe")

AgentTesla FTP exfil server:
ftp.connectus-trade.net:21

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-24 13:35:27 UTC
File type: Binary (Archive)
Extracted files: 7
AV detection: 18 of 48 (37.50%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: AgentTesla
File: z be7f87d32499d22975c499c4589c65fc582b7e0e063a1aebd5335c676d32b804 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment