MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 69059f9d8e0046bef1fa0989707917ffd1d212458f36e2e2d89fa84eaf84b8c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 69059f9d8e0046bef1fa0989707917ffd1d212458f36e2e2d89fa84eaf84b8c2
SHA3-384 hash: a3475ccc9ea75499ad585b50d16a93b4ff5b28bc27ef99f0a212b09fa876a9a15fc12370e89d4f8aba91085ae7763d25
SHA1 hash: 7218b4b1ef1f2aa25b9f19adce3c692b5610d885
MD5 hash: dcf14ee512a1ecd7c37f7c1e9be0e002
humanhash: blue-jig-victor-virginia
File name:DOCS.r15
Download: download sample
Signature AgentTesla
Create hunting rule
File size:392'861 bytes
First seen:2020-05-12 08:22:34 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:zDOwEUa9niF9Larm/v20LZj2f6NjVMLAAQblZZmMKuI/Lirsuhch:XON9naJ/vrLZiSNhMLAlGB/LJNh
TLSH 228423976459DE2CFD04DAFD80D198D95D77C1640CAE3BF2920AF8F64A126E908B3C72
Reporter abuse_ch
Tags:AgentTesla r15


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: box.artkartel.xyz
Sending IP: 64.227.121.239
From: docs@shreejiorg.com
Subject: RE: Shipment Docs
Attachment: DOCS.r15 (contains "DOCS.exe")

AgentTesla SMTP exfil server:
venus.worldindia.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 08:36:01 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
29 of 48 (60.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=necz7hmoabdl54p2bgexa6ix77i5eesfr43ofywyt6ue5l4exdba._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 69059f9d8e0046bef1fa0989707917ffd1d212458f36e2e2d89fa84eaf84b8c2

(this sample)

AgentTesla

Executable exe 6920173eb3c5031387b852bd2dce1bdce04ed1199b914b72a009fe257d7e6766

  
Dropping
MD5 9768bc52e24200b6fa9e43c9f1532415
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6920173eb3c5031387b852bd2dce1bdce04ed1199b914b72a009fe257d7e6766

Comments