MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 efd6040359f5606667a315e12fa51c1e3eab0a4aa969059f06fccc55a5a9464e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: efd6040359f5606667a315e12fa51c1e3eab0a4aa969059f06fccc55a5a9464e
SHA3-384 hash: 44e3dc9f499355d26fb095a69fac99cfeac01abbb2e6ba191593d221dbabcd0e651a0063d5dc47e2eddc34bfaea0706f
SHA1 hash: 26516695029f5bc1cd42c52de32fb7d7c7d2d60a
MD5 hash: 0aeffb2526e3c579504034d7fbcfcf96
humanhash: mountain-red-mobile-island
File name:ANIS FOOD SDN BHD.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:420'652 bytes
First seen:2020-05-11 14:08:52 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:/ax2HZnF/9RCkNK1uYKcy8jApfcwaEy5H+hzyeEL25p6G3IzlqEAs:gCF/LLYBfua+zfEa553ulqEAs
TLSH DB94233F2B5A608F14E7F4963518D1E61A591B0ACF98EBB05E995072F04333B8F46973
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: euskoauto.vservers.es
Sending IP: 188.164.198.145
From: AMACC Corporate Services <collection@amacc.com.my>
Subject: Statement Of Account
Attachment: ANIS FOOD SDN BHD.zip (contains "ANIS FOOD SDN BHD.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 14:18:56 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=57laia2z6vqgmz5dcxqs7ji4dy7kwcskvfuqlhyg7tgfljnjizha._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip efd6040359f5606667a315e12fa51c1e3eab0a4aa969059f06fccc55a5a9464e

(this sample)

AgentTesla

Executable exe b020ed473e1a965d4de31c00fed475e683f808d9665b207bb41cfdb77f53bcfe

  
Dropping
MD5 47f543a19962040a65bdd85947bb00b6
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b020ed473e1a965d4de31c00fed475e683f808d9665b207bb41cfdb77f53bcfe

Comments