MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d49f38b20837381e98944441585d0473b553dcb66bf4d36e557a950c5aaf17d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d49f38b20837381e98944441585d0473b553dcb66bf4d36e557a950c5aaf17d5
SHA3-384 hash: 5d21bc49c0b97412a7e6cfac7b215a4dbe6f4e068f6d4e74ea3fda52ba92f6c8a19fed9336289bc12a030dbd791b79f2
SHA1 hash: c93c6772e69d623ebcaa77bbdc3284093b2ed660
MD5 hash: 67a765c783321cdf303ee3de397e8a4e
humanhash: table-lithium-pennsylvania-maine
File name:Urgent Inquiry-1911INQ0059.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:542'030 bytes
First seen:2020-10-05 12:00:16 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:d+zhXt6PhoSpQEx7RbQPsC3DOu+UePSCqKT414esY5LYX:d+zhgZogBah2UePyKT414DF
TLSH 12B423944BA133CBFD60A612740C3E43BDD0B6FF23932D659D1B75A68128E8B3AC5463
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: als.sparkmail.jp
Sending IP: 202.233.10.33
From: Ms Lim <info@powerplus.com>
Subject: Urgent Inquiry-1911INQ0059
Attachment: Urgent Inquiry-1911INQ0059.zip (contains "Urgent Inquiry-1911INQ0059.exe")

AgentTesla SMTP exfil server:
mail.fsqcs.com.au:587

AgentTesla SMTP exfil email address:
invoicing@fsqcs.com.au

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d49f38b20837381e98944441585d0473b553dcb66bf4d36e557a950c5aaf17d5/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-10-05 07:02:55 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2sptrmqig44b5geuiravqxieoo2vhxfwnp2ng3svpkkqywvpc7kq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d49f38b20837381e98944441585d0473b553dcb66bf4d36e557a950c5aaf17d5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip d49f38b20837381e98944441585d0473b553dcb66bf4d36e557a950c5aaf17d5

(this sample)

AgentTesla

Executable exe 4a4f7d774032e80c392ff7fe598a05736cf4f71dc0dcf5616ce980f9cbb598ae

  
Dropping
MD5 9faef2d8724db5ccf2c9aeb0be774602
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4a4f7d774032e80c392ff7fe598a05736cf4f71dc0dcf5616ce980f9cbb598ae

Comments