MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0669e81b8d22b4d3495ddbbb9435cfb3804fcf34eb191491092a610730590e7b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0669e81b8d22b4d3495ddbbb9435cfb3804fcf34eb191491092a610730590e7b
SHA3-384 hash: 9d903aec3da0e886e23ea231421e6cf271e474cb59958b3c799f8cf340d851235f3a89f4089e1334768ac21571731782
SHA1 hash: 682ab984251c88bbca9dde62eab46e8a54fa293f
MD5 hash: e4b718d2048e74a3ed700a74d92a9a10
humanhash: glucose-oven-fifteen-happy
File name:INVOICE.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-08-18 08:51:18 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:l4EcmZHAFaxmVmie9bngPzO8liugBb1acW:l4EcmZHAFaxmVmie9bngPzO8YuRc
TLSH 55458B4A38D0E3DED4E54FB948149C0223FA2F1902169A0FEC6F39D6B7D9BD1BE24456
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: setentaycinco14.nsprimario.com
Sending IP: 188.93.75.14
From: Zhukeng Cooperative Co., Ltd <donatella@fabiorusconi.it>
Reply-To: michaltony2020@gmail.com
Subject: RE: Disera order 17.08.2020.
Attachment: INVOICE.IMG (contains "Invoice order.exe")

AgentTesla SMTP exfil server:
mail.katholikos.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0669e81b8d22b4d3495ddbbb9435cfb3804fcf34eb191491092a610730590e7b/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 12:50:39 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=azu6qg4nek2ngsk53o5zinopwoae7tzu5mmrjeijfjqqomczbz5q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 0669e81b8d22b4d3495ddbbb9435cfb3804fcf34eb191491092a610730590e7b

(this sample)

AgentTesla

Executable exe 68c326087c2ed640e74b243ecfad7be9fc4e2694f80991a5337e8f91fdf4efc7

  
Dropping
MD5 40457707e685cc64ed22fc397a44d85f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 68c326087c2ed640e74b243ecfad7be9fc4e2694f80991a5337e8f91fdf4efc7

Comments