MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01d6dd1fd63030ab99f1c641049c07fdcd2242967a952ece15b7ce07d3e8fbac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 01d6dd1fd63030ab99f1c641049c07fdcd2242967a952ece15b7ce07d3e8fbac
SHA3-384 hash: 940e8e6ef4533eecd5b4c76da82128f7883ed723ab676a93a06b2d94b564844ac6992d18a6088275185820ee569e7caf
SHA1 hash: 86b48e82d4074031b398c72cd8a927fa90f0de59
MD5 hash: e54319c85044699fb8c15870c0b08b29
humanhash: item-mississippi-don-april
File name:IMG_20200710_0008.jpg.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:511'934 bytes
First seen:2020-07-13 11:40:01 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:Vwa9KIPCucM97dpSP8hOFwI9tB0TWEKyPJohZfvwRCLpgs:VwaIILcqdpVOqIvMfRafwCNgs
TLSH D8B423F65252C873600FFADA8D29EC1C5486DE75C6B1CFCA28C4A25EB10E5916FC4A3D
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.mecitefendi.com.tr
Sending IP: 78.40.228.55
From: . QNB Finansbank <email@email.qnbfinansbank.com>
Reply-To: otikafranklin@gmail.com
Subject: cozum ortakligi faturasi
Attachment: IMG_20200710_0008.jpg.rar (contains "IMG_20200710_0008.jpg.exe")

AgentTesla SMTP exfil server:
mail.calisanlarmakina.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25893.RarHeur.BadExt.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/01d6dd1fd63030ab99f1c641049c07fdcd2242967a952ece15b7ce07d3e8fbac/
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 11:41:04 UTC
AV detection:
17 of 27 (62.96%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ahln2h6wgaykxgpryzaqjhah7xgsequwpkks5tqvw7hapu7i7owa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 01d6dd1fd63030ab99f1c641049c07fdcd2242967a952ece15b7ce07d3e8fbac

(this sample)

AgentTesla

Executable exe f0f9468203cc747f2d1c66c17d8ef2ff357973a6eaf73683e321cddff387bbdb

  
Dropping
MD5 1aee37aaf0ecf0846ca91b198e05f5f8
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f0f9468203cc747f2d1c66c17d8ef2ff357973a6eaf73683e321cddff387bbdb

Comments