MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 16be739f4cd606ef8dfd41ca0e4e3ac2d39d8781d1460c8cc07622a681dcb05d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	16be739f4cd606ef8dfd41ca0e4e3ac2d39d8781d1460c8cc07622a681dcb05d
SHA3-384 hash:	c88921539a5b05cbe53cc12e685f2332cac945019fa79b1b6003af6ef2b2cf5a84c9265c34f5813dfc199cc889fe1019
SHA1 hash:	b3eef7cd7af0361e9cbdad7b5e9787c236a43b41
MD5 hash:	0a695b739319ffd2d83ab48c46e92505
humanhash:	earth-fifteen-hotel-mango
File name:	650789560.msi
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	671'744 bytes
First seen:	2020-07-01 13:26:02 UTC
Last seen:	2020-07-01 14:17:06 UTC
File type:	msi
MIME type:	application/x-msi
ssdeep	12288:oEUgy6JduXtUDPK/J1O9BBsSZrEFlNmj7HYsw:oEwNtH/7ObBRrW
Threatray	10'578 similar samples on MalwareBazaar
TLSH	8CE46BC175A94FD2E8723FF64A3398C133B27CBA502DC2190D9F35DA55B2B51CA62A13
Reporter	abuse_ch
Tags:	AgentTesla msi

abuse_ch

Malspam distributing AgentTesla:

HELO: llsk281-a17.servidoresdns.net
Sending IP: 82.223.190.12
From: Raquel Jimenez Sanz <rjneazs@bankinter.com>
Subject: Aviso de Transferencia
Attachment: Transferencia bankinter.xls

AgentTesla payload URL:
http://axolotl-metal.com/ccg/650789560.msi

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin

# of uploads :

2

# of downloads :

77

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/18250/

Detection(s):

SecuriteInfo.com.MSIL.Kryptik.WQF.30392.UNOFFICIAL

PUA.Doc.Dropper.Heuristics-6774243-1

Detection:

agenttesla

Link:

https://mwdb.cert.pl/sample/16be739f4cd606ef8dfd41ca0e4e3ac2d39d8781d1460c8cc07622a681dcb05d/

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2020-07-01 13:27:04 UTC

AV detection:

16 of 29 (55.17%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=c27hhh2m2ydo7dp5ihfa4tr2yljz3b4b2fdazdgaoyrknao4wboq._file

Verdict:

malicious

Label(s):

agenttesla

Similar samples:

07aac2ec24a41b2234c18ecc1ee09b2913c24edf5cc53b59cf60bf61c8a5630f

3753be46dda5f897bfbe00944241e5b7b11d77bd0e0a919ca3a751354faf6319

7013e2ac13e42bbee07bb06c5f9c2e4b625a6599a64bccf0e844ba2e995e0737

701bb7d545df1a98de90d0a414a90c7f09538fe02f32e8ffc4c6312aab8349c5

77f8071b30876bb7f99165b4e52c7730f76b3bb5864a04d1a224d0bf6d9f8299

ad6a160f9fad0fefa2f7ffdd0e8b5c43f62bf8983b14443b4c33115592297663

ad7db1393e62d89dcb0039aa5ba64a897e88d3f6b76d146ccf419e952e57c317

cea8cae444dd5dadf01c31def4681b170907b97e0cfb468a9ff317ce7ae736a3

cfefe5d485164b99beeb1aea8faca9e61f8a53d4b742ebf733922a0896511b50

de638d68163fe7f49b3371adbe9456b2c2ed2ef5182324e768dc42793591c7de

+ 10'568 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

macro

Link:

https://tria.ge/reports/200701-fmqn7aw2yj/

Behaviour

Suspicious Office macro

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

xls 5ec5b4a0f0996bb3715d6528f906e1a1ed40383a8b648bf22a06c4549d6767cd

msi 16be739f4cd606ef8dfd41ca0e4e3ac2d39d8781d1460c8cc07622a681dcb05d

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/406822/

Dropped by

MD5 af7e97f63ad511c14ac73d572a02149f

Dropped by

SHA256 5ec5b4a0f0996bb3715d6528f906e1a1ed40383a8b648bf22a06c4549d6767cd

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/18250/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample