MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf3a8bfad2a39e64ef4675802b833d3620fa15aaf4219c93488b1141854d4ab3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bf3a8bfad2a39e64ef4675802b833d3620fa15aaf4219c93488b1141854d4ab3
SHA3-384 hash: c336eeed5c5f0c9963d6b65e18a8d1f646f875edbb70bfb6966ba4903334f5db9f00668a7f8fdaa50d512300dfa80863
SHA1 hash: 207dcb077c941ecaef0c91bf842cfc6a3ba8a3e1
MD5 hash: 2baca9f50bc765c598fab21d5399c3bd
humanhash: magazine-zulu-salami-ohio
File name:11. MV Golden Incus - Ships Particulars.pdf2.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:374'493 bytes
First seen:2020-06-12 07:55:44 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:vY5nhhrJ+oGeTwYZEBTDDJ33st1JlFP/uETfKa1l3aDaftN1T7iIsupiUvVsyDta:QJhhrJ+VWTmPKzrP/uETPl3aAN1TeIsv
TLSH 328423E5D475CBF9CDFA39823B24885D122329338C5B1EDB5D988B7452AB1F0B2201F9
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: star.whitemarkhosting.com
Sending IP: 72.11.134.186
From: DICK SHAWN <dickshawn@163.net >
Subject: MV Golden Incus/PDA's
Attachment: 11. MV Golden Incus - Ships Particulars.pdf 2.zip (contains "11. MV Golden Incus - Ships Particulars.pdf.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25518.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-12 07:57:05 UTC
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x45ix6wsuopgj32gowacxaz5gyqpufnk6qqzze2irmiudbknjkzq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip bf3a8bfad2a39e64ef4675802b833d3620fa15aaf4219c93488b1141854d4ab3

(this sample)

AgentTesla

Executable exe b186287c6298b4ca285cb9da1e82ffd351c4195f7673d93aa595aa987cb01676

  
Dropping
MD5 de559530c89eb0d34e63d9aa5e3dc512
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b186287c6298b4ca285cb9da1e82ffd351c4195f7673d93aa595aa987cb01676

Comments