MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2b96f1120b13dd9aacafe1f10c8dde8d698ce467b8ea0c526ff02790aaca88f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: f2b96f1120b13dd9aacafe1f10c8dde8d698ce467b8ea0c526ff02790aaca88f
SHA3-384 hash: 82984f45f986f04e3eca442374fdada71e3054df1aa8dd6a6c225e52f054bcf9ef3921425edadb9288d91e0d043efb39
SHA1 hash: da5fd1054dc2a631aa94d98b669115a80b81e471
MD5 hash: 0d4f05904728d2b92b100f7d0c4d5651
humanhash: equal-juliet-green-cat
File name: pagamento.pdf.zip
Signature: AgentTesla
File size: 234'549 bytes
First seen: 2020-06-30 12:18:26 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:nC0MPadRW1xCfC9iDzkmNl4Wl+jxj1WJWCcHSBqR/e:vHWHQuiDIWA10WCcHSBqY
TLSH: 71341230DFC13270A677A52509DF07AB6C1D994B345C6782E28BD359E2E44FCAE6B830
Reporter: @abuse_ch
Tags: AgentTesla, zip


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: ns1.evs47.com
Sending IP: 149.62.169.35
From: ANALLISA - GRUPPO ENERGIA <nuovametaltecnica@gmail.com>
Subject: R: I: R: I: Pagamento dell'ordine di rame ENERGIA
Attachment: pagamento.pdf.zip (contains "pagamento.pdf.exe")

AgentTesla FTP exfil server:
ftp.iug-trans.md:21

AgentTesla FTP user name:
ori@iug-trans.md

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 26
Origin country: US

ClamAV: Sanesecurity.Malware.25518.ZipHeur.Ext.UNOFFICIAL

CERT.PL MWDB
Detection: n/a
Link: https://mwdb.cert.pl/sample/f2b96f1120b13dd9aacafe1f10c8dde8d698ce467b8ea0c526ff02790aaca88f/

ReversingLabs
Status: Malicious
Threat name: Win32.Trojan.Kryptik
First seen: 2020-06-30 12:20:07 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5

Spamhaus Hash Blocklist: Malicious file

VirusTotal: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip f2b96f1120b13dd9aacafe1f10c8dde8d698ce467b8ea0c526ff02790aaca88f (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
