MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60316a67fa4be2ca25e679506d9d894e985b99d152ef8277b5a6a6413b21ec3b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 60316a67fa4be2ca25e679506d9d894e985b99d152ef8277b5a6a6413b21ec3b
SHA3-384 hash: 5fe31533d02ec34467a86c01f51c68c06ffca8fabb3511728c2bfc88b0d754d338c1ba18b65e8f84493f4dbcb1895719
SHA1 hash: 51eb6da402ce3d550cb48e673fd63822e5cbfcf6
MD5 hash: 7f5ffabea35ebd91d97b8d4951ea26f5
humanhash: sierra-texas-seventeen-echo
File name:JKNZ8WBS9WNXNA.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:955'791 bytes
First seen:2020-06-10 07:12:16 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:jnEqTNaqMai5TK2ev672UQYIls1ReuozRxCCAeroFoUQ:jnENq0eS1ReBRIyraoj
TLSH 9915339E2C5A962A15E07A6FC117D00794FCBE34E73289779C80CD59E0FCB21B2DC216
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.betalt.lt
Sending IP: 86.38.169.85
From: ekonom <ekonom@systempartner.sk>
Reply-To: ekonom <Standardchartered22121@outlook.com>, ekonom <Standardchartered22121@outlook.com>
Subject: Potvrdenie#08864
Attachment: JKNZ8WBS9WNXNA.7z (contains "JKNZ8WBS9WNXNA.exe")

AgentTesla SMTP exfil server:
mail.dobrev-cheese.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.AitInject
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 07:14:04 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=maywuz72jprmujpgpfig3hmjj2mfxgorklxye55vu2tecozb5q5q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 60316a67fa4be2ca25e679506d9d894e985b99d152ef8277b5a6a6413b21ec3b

(this sample)

AgentTesla

Executable exe 18fc7b8025209d438de81fc74e7dd95699b7a66106b891a32fb375f21ceeea1a

  
Dropping
MD5 72053d0898654cf7c0480bff34c02ed5
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 18fc7b8025209d438de81fc74e7dd95699b7a66106b891a32fb375f21ceeea1a

Comments