MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f95ed817aaaddeb2839e1d413a65dc2ac32f104e2df1a832ab1d3a58095fcd49. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: f95ed817aaaddeb2839e1d413a65dc2ac32f104e2df1a832ab1d3a58095fcd49
SHA3-384 hash: c2f151d2f1fa6ea89f4e21384d733af40fa1588671ca741cb4668824587a6d70fddf2edfa8887f8e7e37e05bcd98d2a3
SHA1 hash: d3bc3002e9ce57082e9ba7d175af5bed6f80ebc0
MD5 hash: 554491234ea396923d8c7512a08e2ef1
humanhash: alaska-uranus-white-apart
File name: Zanjan Project REQ. 1231-DE-01-PV-REQ-204B Stainless Steel Pressure Vessels For Ammonia Plant PKA_
Signature: AgentTesla
File size: 1'245'184 bytes
First seen: 2020-05-27 08:48:12 UTC
Last seen: Never
File type: unknown
MIME type: application/x-iso9660-image
ssdeep: 12288:hMjBdMynh1RNqdvfncxRBbJh5Fxj4lSQ:qjDMA1R4vfcnB
TLSH: 2645BF9C721476DEC85BD0B68AA42C64ABA0747B530BD203A95751EEAF0CAD7CF144F3
Reporter: abuse_ch
Tags: AgentTesla


abuse_ch
Malspam distributing unidentified malware:

HELO: rdns0.royalsteelballusas.com
Sending IP: 79.124.8.210
From: Kamran Shamsaei <thameem@qgps-qa.com>
Subject: Zanjan Project // REQ. 1231-DE-01-PV-REQ-204B// Stainless Steel Pressure Vessels For Ammonia Plant // PKA_ Iran ( Ref. No. PKA-TH99-TEC-PV-003 rev.0). // TQ1 (RE: 1231-MT-PS-E-1157)
Attachment: Zanjan Project REQ. 1231-DE-01-PV-REQ-204B Stainless Steel Pressure Vessels For Ammonia Plant PKA_ (contains "ZANJAN_P.EXE")

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-27 09:13:55 UTC
File Type: Binary (Archive)
AV detection: 15 of 30 (50.00%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

unknown f95ed817aaaddeb2839e1d413a65dc2ac32f104e2df1a832ab1d3a58095fcd49 (this sample)

Delivery method: Distributed via e-mail attachment
