MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed698f527316018489c777f7638c37217ff88c22b3f2072b30babf7cc95dda4a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ed698f527316018489c777f7638c37217ff88c22b3f2072b30babf7cc95dda4a
SHA3-384 hash: db96b4b2764383cde0777027c583a8b3bc3e7bca07b76cbb23976078624234d4cad1be88936aee01147a4ea377064603
SHA1 hash: f9c0452fb32e9b64ba875f83745a4a9a3b703cb5
MD5 hash: d79c477866d50df35bca82fe6908a3d7
humanhash: river-earth-fillet-fourteen
File name:Scan 0007052020.uu
Download: download sample
Signature AgentTesla
Create hunting rule
File size:457'995 bytes
First seen:2020-05-07 12:19:38 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:tGp08y9m6OrPz6+tppqgl9iqNNOs+U6N1QqjSgmDIan:f862bz6+YgfVO6qcDL
TLSH 9FA4239064A2E850A7853656985338CFC331E7B48CFD8F2687BB6454C38FDFA6E85D60
Reporter abuse_ch
Tags:AgentTesla uu


Avatar
abuse_ch
Malspam distributing AgentTesla:

Sending IP: 95.211.208.50
From: Ali Shehab <poonam@mafemobile.com>
Reply-To: Ali Shehab <artesanosdalvino.alberto@gmail.com>
Reply-To: Ali Shehab <artesanosdalvino.alberto@gmail.com>
Subject: RE: Pending Orders
Attachment: Scan 0007052020.uu (contains "Scan 0007052020.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-07 10:56:22 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5vuy6uttcyayjcoho73whdbxef77rdbcwpzaokzqxk7xzsk53jfa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar ed698f527316018489c777f7638c37217ff88c22b3f2072b30babf7cc95dda4a

(this sample)

AgentTesla

Executable exe 9d4f8c3fe45181fed421f43fdf70dd51095e324b20af9ba36dbb76d74a46045f

  
Dropping
MD5 117325b2939ec4605c5357351b0fd059
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9d4f8c3fe45181fed421f43fdf70dd51095e324b20af9ba36dbb76d74a46045f

Comments