MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f66268ec10af16bf68c4f311f9b53ef7b83aa68da8971abd900a1064fb97981. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 4

SHA256 hash: 2f66268ec10af16bf68c4f311f9b53ef7b83aa68da8971abd900a1064fb97981
SHA3-384 hash: 9bf119e8a22198b05bb66dfe3fcfc52167820ca7f0a85df57901e784d2b17511fc44003e59bafb8bc13b23b8ac788b9a
SHA1 hash: e5c7f40b829c313b468bb871dcfa17a2aebff8cd
MD5 hash: 08b98677cfd0de0134f8063eb10d00f3
humanhash: pizza-eighteen-princess-kentucky
File name: PAYMENT COPY.r29
Signature: AgentTesla
File size: 720'462 bytes
First seen: 2020-07-20 06:21:05 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:R0bW0R6vXMxM0REOUki77Q3u3TzkMZBrMfHNktqeyeoYHWodn+izDmwitrMcMiw:R0b48nlUr7k0kYrMWqeBoIFmwoxMiw
TLSH: 71E423F2738D22F75510B09C55D59AD0FF7AE3FE816928867A793CC28288867FDA015C
Reporter: abuse_ch
Tags: AgentTesla r29


abuse_ch
Malspam distributing AgentTesla:

HELO: rs201.nsresponse.com
Sending IP: 184.170.148.5
From: merchant4@cocoonexport.com
Subject: Payment Advice
Attachment: PAYMENT COPY.r29 (contains "PAYMENT COPY.exe")

AgentTesla SMTP exfil server:
smtp.lebchrom.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Noon
Status: Malicious
First seen: 2020-07-20 06:23:04 UTC
AV detection: 26 of 48 (54.17%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
zip 2f66268ec10af16bf68c4f311f9b53ef7b83aa68da8971abd900a1064fb97981 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
