MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a28596183b375a4c5d67febe6c72ff29e5bbb29e56875c72624357fd659b6d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3


SHA256 hash: 6a28596183b375a4c5d67febe6c72ff29e5bbb29e56875c72624357fd659b6d0
SHA3-384 hash: 56eb51b6361d705228d5dd9a604e6e75ecfabcdb31cd4bef4b797d0354053b703aa02cee555ea08d4b8a858288565a36
SHA1 hash: 98346a2d1021bca513b93f678cc734d6e1da3814
MD5 hash: c99880b0e3472c198233e4e6065e996f
humanhash: nine-lithium-item-october
File name: invoice.gz
Signature: AgentTesla
File size: 497'231 bytes
First seen: 2020-05-02 08:05:22 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:Aj18ZZJKJD/6HU/2CKcQ+/MVAZ3YBl2mMI81eFZvjaWE:A6JfU/JvR6AxC2C/ve1
TLSH: 43B423EA3E43591AB4D6EDBCC8E4988CDD45A86C2CC53DA619798409CF8C061CDF93F8
Reporter: abuse_ch
Tags: AgentTesla gz

abuse_ch
Malspam distributing AgentTesla:

HELO: smtp1-01.brain.net.pk
Sending IP: 203.128.3.25
From: eureka@brain.net.pk
Subject: Re:
Attachment: invoice.gz (contains "invoice.exe")

AgentTesla SMTP exfil server:
smtp.instabulkas.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-02 08:35:45 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 19 of 31 (61.29%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla, gz 6a28596183b375a4c5d67febe6c72ff29e5bbb29e56875c72624357fd659b6d0 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments