MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd82f122aa8f51076bde16ea95069a38421af13c65f760bd0fb2b69313a4eedc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: fd82f122aa8f51076bde16ea95069a38421af13c65f760bd0fb2b69313a4eedc
SHA3-384 hash: 4cdff31b8d01cb205f507ffe951fb4b6709c6b4690627fdf613a3f7a128e8437eb3082790de7a902695d899a799d919e
SHA1 hash: e914063d8d839df3047ab77234fba2c7066c377e
MD5 hash: 86af481e68905a23f381a20d4f3c71ca
humanhash: three-leopard-ten-butter
File name: Catalog.zip
Signature: AgentTesla
File size: 341'329 bytes
First seen: 2020-07-22 06:54:20 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:+9/qx5PW4yBwxPN1Xgs2CU/b10QNaPWj7+bOCyHWsnrPNsU8/TA5sDF:MSeBwJgs2nzraPWH+b2HW8NsXLg4
TLSH: EE742305BD95332347A61C1954851A72319EF48F2AEEED57FEC297A0B03E50A8F93C71
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: 85-204-74-120.plesk.page
Sending IP: 85.204.74.120
From: Olson@texwarahouse.com
Subject: NEW ORDER
Attachment: Catalog.zip (contains "Catalog.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-22 06:56:07 UTC
AV detection: 4 of 48 (8.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip fd82f122aa8f51076bde16ea95069a38421af13c65f760bd0fb2b69313a4eedc (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
