MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f053832bc19d9a856e5fdc7a87d4e9d6f2cbd78f01b9282897e1a041e2494d80. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f053832bc19d9a856e5fdc7a87d4e9d6f2cbd78f01b9282897e1a041e2494d80
SHA3-384 hash: 9da9c3057d05771d898960ce4e62b8e170ec034e18a0920f24c8d923bce520f294a37f9c5334077d030cdd6ee2321194
SHA1 hash: 570024ad314fd2ada07acda8d90c2fade309fa49
MD5 hash: c57f01d8329363bf8defd0892539d0b0
humanhash: fix-xray-tango-washington
File name:new corrected document.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:496'954 bytes
First seen:2020-06-10 07:15:34 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:LaealMQMmVKdBH6mTe9ea5LxMpfZgbSJl4W/PBg:LgnMRvHy95sfZgA4KPBg
TLSH BCB423303758A9E066075A59BF752AFBA32B01778C049C945FA2783FF26D2A1D9CD3C1
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: medtekindia.net
Sending IP: 45.90.222.94
From: Silva David <anuradhad@medtekindia.net>
Subject: Please let us know what you think about the new corrected documents
Attachment: new corrected document.zip (contains "new corrected document.exe")

AgentTesla FTP exfil server:
ftp.tsd.in:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 07:17:04 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6bjygk6btwnik3s73r5ipvhj23zmxv4pag4sqkex4gqedysjjwaa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip f053832bc19d9a856e5fdc7a87d4e9d6f2cbd78f01b9282897e1a041e2494d80

(this sample)

AgentTesla

Executable exe 4106d7796887912eef46c78f6f62593d12152ae114e6e67c004afcaddb4296f5

  
Dropping
MD5 7c694d5632c9b57fe7ce059ca46f5a56
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4106d7796887912eef46c78f6f62593d12152ae114e6e67c004afcaddb4296f5

Comments