MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c93b2e5437769a30e512a711ca27632b529736967d1c07b5b497eb9944f70374. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c93b2e5437769a30e512a711ca27632b529736967d1c07b5b497eb9944f70374
SHA3-384 hash: 7fec34f8e208bd5c758cee7b79fbd51131082f31d77a3044194ecf1cd1ae7dd9fe8d02cbb4413b5b715283375724366e
SHA1 hash: e7df8c5cef47ee32ff495e320dc2d11802cb9301
MD5 hash: ba1dcc0f74dfef6cf5661a21169ab63b
humanhash: india-two-queen-muppet
File name:NYRNC200420511_FreightArrival.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:399'972 bytes
First seen:2020-05-28 16:41:13 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:duExlO9JwMmJqFK7uSQqQDDjZpkD4MseePMlAoGBrauY1NPpTZDfY3Y1t5wLFw+W:dl8ZmMXSQLjAsMmPMQaj51kQVMy51
TLSH 3984237674974E22B5EC69F1F68B780C285EE35B7CBD46326C3692A834ADA102381D74
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mout.perfora.net
Sending IP: 74.208.4.196
From: Intercargo/Nyc-Grace <deckow@rebingul.us>
Subject: ARRIVAL NOTICE / FREIGHT INVOICE [FORM ORDER-NYRNC]
Attachment: NYRNC200420511_FreightArrival.zip (contains "NYRNC200420511_FreightArrival.exe")

AgentTesla SMTP exfil server:
mail.karmachalets.co.in:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Artemis4E94B9A30251.8609.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 17:36:32 UTC
File Type:
Binary (Archive)
Extracted files:
11
AV detection:
27 of 48 (56.25%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip c93b2e5437769a30e512a711ca27632b529736967d1c07b5b497eb9944f70374

(this sample)

AgentTesla

Executable exe cb2792644a81d965b332d8d165e1e6f75894b43942a33d7e367f9b3a36d4a2bf

  
Dropping
MD5 4e94b9a3025122a9949b79b37eeb3cff
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cb2792644a81d965b332d8d165e1e6f75894b43942a33d7e367f9b3a36d4a2bf

Comments