MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea41a5bf19177ece7e79e16a999d82b4380ec84c8f41a879626e8c03cb30d3c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ea41a5bf19177ece7e79e16a999d82b4380ec84c8f41a879626e8c03cb30d3c7
SHA3-384 hash: 261ce191d0a5aff018dad9652fc00c72b1c7588cf971e2ffdca005a4023776153d44b43d2f79666833eca182bda7abfe
SHA1 hash: e4d4ca5b6048272fc98889d07ea096da61aa25bc
MD5 hash: 9660e78207fd59c789e0c3c35979fde4
humanhash: avocado-sad-pasta-juliet
File name:po_01102021.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:395'850 bytes
First seen:2020-05-27 07:43:24 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:CqWyVhUaMom3E/Q68YxwSgoBAziJrg4pa+yMCzWomLGAoFtgqOeHW4R4WWwLBLkz:jh8KD8xVM2igyCzCLzoOef2WHLBq
TLSH A38423EFE2EBD1D568E6CCB53E64405817F9066110B63CFA65E362382F14AD03D71A86
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: exproxy2.efko.org
Sending IP: 195.133.216.98
From: a.v.sosnitskiy@efko.ru
Subject: Re: Urgent RFQ
Attachment: po_01102021.zip (contains "cTmfQ4CxyiwfHbx.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WBK.590.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 09:13:19 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
9 of 47 (19.15%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip ea41a5bf19177ece7e79e16a999d82b4380ec84c8f41a879626e8c03cb30d3c7

(this sample)

AgentTesla

Executable exe 4862395a8b8b73119c051b767f84b352f96cadbe062e25de2bb9a1ce1a7cadbb

  
Dropping
MD5 7384830a652a3cd5675167f808e19f50
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4862395a8b8b73119c051b767f84b352f96cadbe062e25de2bb9a1ce1a7cadbb

Comments