MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e94c805929d4292d5dfea9e345da5e88795dc905c02d330d9da8515670057d88. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e94c805929d4292d5dfea9e345da5e88795dc905c02d330d9da8515670057d88
SHA3-384 hash: 3cdcc2f97bca48bdd3bd771d7c74a47757a5cc1f1ee8d5dfe3173cea49b99f3abf8eb5affd6e5272c4db8022790189bd
SHA1 hash: 0b8a96ee2ddfe547b4e69df962fe91f7b112a496
MD5 hash: eaef48f1e48e25d5e5e6605f4eeb3730
humanhash: maryland-nuts-eight-potato
File name:ORDERS5_PDF.GZ
Download: download sample
Signature AgentTesla
Create hunting rule
File size:396'912 bytes
First seen:2020-06-29 09:15:35 UTC
Last seen:2020-06-29 11:36:32 UTC
File type: gz
MIME type:application/x-rar
ssdeep 12288:k9wlGzQMovI5FM4Wb9aeW5393YATWJclI:k9q7g5KFjW53tvTI
TLSH 848423E87D00DC5516ED2266B63F904F9BC1E473A0759761B2FE044529E3BB8CA8E1CE
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sitc.vn
Sending IP: 192.119.71.157
From: "Purchase Department" <admin.hph@sitc.vn>
Reply-To: "purchase Department" <saleslon@allimond.com>
Subject: urgent order!!!
Attachment: ORDERS5_PDF.GZ (contains "WMTR0987S5__PDF__.com")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e94c805929d4292d5dfea9e345da5e88795dc905c02d330d9da8515670057d88/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 09:17:03 UTC
AV detection:
18 of 30 (60.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5fgiawjj2qus2xp6vhrulws6rb4v3sifyawtgdm5vbivm4afpwea._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz e94c805929d4292d5dfea9e345da5e88795dc905c02d330d9da8515670057d88

(this sample)

AgentTesla

Executable exe 3d9dcaab541c278bd14cfdc7b333296c44bf36be1443fa381f61784c9d871f2c

  
Dropping
MD5 5f410ef6b8a6564d02cf58d007189ae1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3d9dcaab541c278bd14cfdc7b333296c44bf36be1443fa381f61784c9d871f2c

Comments