MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 06e83a73a0d058de1811b6ee93f063b97fe79fbab77e2acf0a859cceff815c86. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 06e83a73a0d058de1811b6ee93f063b97fe79fbab77e2acf0a859cceff815c86
SHA3-384 hash: 1f1f28e995ae0c87f2467796ed790a88f831e5ca0497a89af5f74ae0f14acfd54f82dd2f5d1070494255e8354057012d
SHA1 hash: 06bc92fc6dd39658b840709160f0f2eaf94bcaca
MD5 hash: 0b5bebad829735a30ad850e3ace99f26
humanhash: fruit-uranus-monkey-lima
File name:Overdue Balance.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:418'304 bytes
First seen:2020-04-29 18:35:24 UTC
Last seen:2020-04-29 20:04:54 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:e6q4tY5YYxffQ60hRMTuoAIGntzRVm3m4jXXgopIa1H+dfwBXvVUMWbncOTSCdQ7:qnQ6itzRVsmIXRpIeHGfSXvWb9ixzj
Threatray 554 similar samples on MalwareBazaar
TLSH 82941278770C637FC93B0A7848828D4E3261D09BF686F3856E9B67AD048F7E17461993
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.forevertravel.com.my
Sending IP: 110.4.42.51
From: julieyeoh@forevertravel.com.my
Subject: ovedue balance
Attachment: Overdue Balance.r00 (contains "Overdue Balance.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.43134.25813.3127.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-28 22:06:31 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=a3udu45a2bmn4garw3xjh4ddxf76ph52w57cvtykqwom574blsda._file
Verdict:
unknown
Similar samples:
1122de58d83267cd6edf34690c8d8ac376e337e28fddce0c0609554a2c0396db
AgentTesla
47e1f71185f193d015191dec0fd981e6591780a336115fe14638b74031531ac8
AgentTesla
782999121ca089a150f34c3527a7e1c1a5f9c59a73034e3bf6ca166c590a47f3
AgentTesla
d1a314902f558ae79e891b785eec7e87002ed607411e8dfc85b5fbb2f9ef9dc0
AgentTesla
d83d25cdeec57d8bdb0ae70c21d60f32645a2fa21f3f7792774b5ad3bffce9b5
AgentTesla
d9568ff73274781296415519aa548621099b45cc19d68c2d9ce59ce9bee384a7
AgentTesla
d9f827863726fb21fd036363b2090e4454776b3ee1a4665d004da0eaa05126e4
AgentTesla
ed5b523a7b1d55effd77366e3b4e2ab0eb376746e2c86e1cff992d08540c4b5d
AgentTesla
f17b34a25b38f624ce1dc8c5f36cefbf3a989b77714f4c566c085c56f03c8fbb
AgentTesla
fcc68c78e81eab01751ffe299b6213e6dbe994a6d197367000371e82a4ac0a41
AgentTesla
+ 544 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 e9986e51d88bd28614b6e52c45ebbdf37102b2b79d3d4a682001169cd0e79dc0

AgentTesla

Executable exe 06e83a73a0d058de1811b6ee93f063b97fe79fbab77e2acf0a859cceff815c86

(this sample)

  
Dropped by
MD5 0c667b92694e0bd1bb4b045758211b9b
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 e9986e51d88bd28614b6e52c45ebbdf37102b2b79d3d4a682001169cd0e79dc0

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments