MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 607c8e92f3ae65e90c70e1beacf2df7b4314396b7983388707f88c318dc25109. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 607c8e92f3ae65e90c70e1beacf2df7b4314396b7983388707f88c318dc25109
SHA3-384 hash: 9cd3a5ed1e50cf4548deea807cd246d903903b1e17f359f40d0823e2516aa16047deb685037764a3dc1cc35ca8796cf1
SHA1 hash: ece58862658b16ee01b9d71157c0dc7f66fec861
MD5 hash: adbad6edbaed1df9ad01453b4bb659a3
humanhash: speaker-tango-equal-golf
File name: INVOICE.zip
Signature: AgentTesla
File size: 534'129 bytes
First seen: 2020-08-03 13:54:55 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:PloFp4mKBKowAnvrWKX4I9jdtAGPJ2MfSPkHI15:aFp2aAnDWKIIjtAGPJ2V/
TLSH: D2B423602039A01468A26D11EF9ADC1AB1A94BB2138F543A35FF776347DFDE3482F0E5
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: gmail.com
Sending IP: 37.49.224.236
From: frt@translogship.co.in
Subject: FW: Transit Insurance - 03_16
Attachment: INVOICE.zip (contains "INVOICE.exe")

AgentTesla SMTP exfil server:
mail.albaniandailynews.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Negasteal
Status: Malicious
First seen: 2020-08-03 10:01:32 UTC
AV detection: 19 of 28 (67.86%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 607c8e92f3ae65e90c70e1beacf2df7b4314396b7983388707f88c318dc25109 (this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
