MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 060fb2037494e9a070ab826c9e4eefaeef68f9610e0afda68e0725f74fd133ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 060fb2037494e9a070ab826c9e4eefaeef68f9610e0afda68e0725f74fd133ac
SHA3-384 hash: aee262d4de592e4d79ebad0f0677ef55512385249c7946c6808a9418fb626f2a43a64ded43b0520661bf3df7e7b09ae3
SHA1 hash: 2d0cb7ebc5caacf24a006c66cc975d433aa26eb6
MD5 hash: d4d132c23a5ae25ec22c23c6f74ae300
humanhash: bakerloo-one-equal-harry
File name:items 001.xlsm.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:411'635 bytes
First seen:2020-05-12 06:28:25 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:6jNaRF64qKt2QAhQBloryhkq/bgvT6Ts29H2vM3MKPW:bRP2QAWjh1gvs9cM3MKPW
TLSH 4A942317B4E357042ABCADE94B900336E26B65D350EF24E42C9AD3558A75CCDF8D0E3A
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: outlook.com
Sending IP: 103.99.1.148
From: Natalie Thomas<sales.gmbh@outlook.com>
Subject: RE:Order by Petersen Matex Trading GmbH 
Attachment: items 001.xlsm.rar (contains "items 001.xlsm.exe")

AgentTesla SMTP exfil server:
mail.pptoursperu.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 03:42:28 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ayh3ea3ustu2a4flqjwj4txpv3xwr6lbbyfp3juoa4s7ot6rgowa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 060fb2037494e9a070ab826c9e4eefaeef68f9610e0afda68e0725f74fd133ac

(this sample)

AgentTesla

Executable exe 682a2a2956855186773fe1ba8e9956d47f225264cd80776ba933b07e342f789e

  
Dropping
MD5 9aebea8a71deb0459acf23e1737765ce
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 682a2a2956855186773fe1ba8e9956d47f225264cd80776ba933b07e342f789e

Comments