MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6854634bccf212e4a7952c6d7958e8f91a7d4f09da1086064b5fab6a771a2ba9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6854634bccf212e4a7952c6d7958e8f91a7d4f09da1086064b5fab6a771a2ba9
SHA3-384 hash: 92036ee220ea67967b89df8dab21a63c0cb32a220d46af83d9e6c836bbfe9d44064b1cdac6d13a1da1ace08226360f03
SHA1 hash: 5d6e25ca7da7f3bfb20b316539376d8942161f99
MD5 hash: 8d8116ba0744c3bb36ac08f7e895c0f5
humanhash: tennis-fifteen-johnny-edward
File name:Price Offer-May.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:393'629 bytes
First seen:2020-05-13 10:13:05 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:iYbfDV+L3sK4VEmx1joycgTR+CBQkmw7A:iYV+LmVEWpL7K
TLSH B884235D69DEA1BC362443EDB355804C9EAC948D6F0A5776C0CC14EAB21EBB233B3D64
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: abanti.net
Sending IP: 103.207.38.155
From: Ariful Islam Rassel <ariful@abanti.net>
Subject: Fwd: Price offer
Attachment: Price Offer-May.gz (contains "Price Offer-May.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 10:36:45 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
15 of 31 (48.39%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nbkggs6m6ijojj4vfrwxswhi7enh2tyj3iiimbsll6vwu5y2fouq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 6854634bccf212e4a7952c6d7958e8f91a7d4f09da1086064b5fab6a771a2ba9

(this sample)

AgentTesla

Executable exe 0157268340dbee3d5090f2793561e90f051ea1a1f160cb420eacbd5525a94b93

  
Dropping
MD5 ff345b830dc00a3ba17a6f10ad0ec6ec
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0157268340dbee3d5090f2793561e90f051ea1a1f160cb420eacbd5525a94b93

Comments