MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6ab121494d55604a9f3a2cfdd0e2f3a477bf5e67299087550b128eabd880ffb1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6ab121494d55604a9f3a2cfdd0e2f3a477bf5e67299087550b128eabd880ffb1
SHA3-384 hash: ebe077984ddcb4c4dcd310c2fe529a7268955ba2163007670a121c27c18faed493f6b2752277797ada7f69b6bb6ca33b
SHA1 hash: f9173e476931e0680536f92aee4f3b8824b7382d
MD5 hash: 72849785461423e0173d5b1119cf8876
humanhash: maine-bakerloo-nevada-colorado
File name:FedExi jälgimine-pdf.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:250'975 bytes
First seen:2020-07-06 08:24:54 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:4ZeTBu8MCQYKQ1qoaTGweJdhuGwJIt25cImlqms:lpJDwa6G43SIes
TLSH 9A3412A9693A4CBD1DC160A9FB0F117F615DFBC59CEC3019B4A89AC37A726EE0132146
Reporter abuse_ch
Tags:7z AgentTesla EST FedEx geo


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: linux1187.grserver.gr
Sending IP: 95.216.14.228
From: Kimberley Lin <kimberley.lin@fedex.com>
Reply-To: Kimberley Lin <dustiutd12@hotmail.com>
Subject: FedExi kohaletoimetamisteade
Attachment: FedExi jälgimine-pdf.7z (contains "FedExi jälgimine-pdf.exe")

AgentTesla FTP exfil server:
ftp.kassohome.com.tr:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25906.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6ab121494d55604a9f3a2cfdd0e2f3a477bf5e67299087550b128eabd880ffb1/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-06 08:26:05 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nkyscsknkvqevhz2ft65byxtur336xthfgiiovilckhkxwea76yq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 6ab121494d55604a9f3a2cfdd0e2f3a477bf5e67299087550b128eabd880ffb1

(this sample)

AgentTesla

Executable exe 61580c08d2a3148b9fb05331e642cbc55d2bd21ce80b99d394aeaeb5be69634e

  
Dropping
MD5 5a72e8f5b2cecb38420ca5b10433449e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 61580c08d2a3148b9fb05331e642cbc55d2bd21ce80b99d394aeaeb5be69634e

Comments