MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b6e364893e256f77caf6854f61259715d1095097decf28e3e73f54d7008e309. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 5



SHA256 hash: 6b6e364893e256f77caf6854f61259715d1095097decf28e3e73f54d7008e309
SHA3-384 hash: c4ac3116ecbf529def0e11f67f8ecd6ae918b040aeaaf35159a9b3655f2f6ea839414d37f4c1c557e15afc64bcaab613
SHA1 hash: a8c3bec8dcfcf80a0dd91d06119dafd69bf4578d
MD5 hash: 44f23964b6a374348a68ec0f664c4cab
humanhash: papa-cat-eighteen-island
File name: PAYRECEIPT.zip
Signature: AgentTesla
File size: 20'931 bytes
First seen: 2021-02-22 23:05:48 UTC
Last seen: 2021-02-26 05:16:36 UTC
File type: zip
MIME type: application/zip
ssdeep: 384:CZFXovDoB9+3yAdDCohmO7fOC05rNqfiZ7Hww0CsDyYo27cy0:CZ9oDi9/ACoTG4fiZEUScH
TLSH: DD92E1B5D4AD4870DC8AF506B051427B29106CD7DCA4E42963C0768AE7F2F7BEA2DC2C
Reporter: @GovCERT_CH
Tags: AgentTesla

Intelligence


File Origin
# of uploads: 6
# of downloads: 90
Origin country: FR

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Downloader.BaseLoader
Status: Malicious
First seen: 2021-02-22 23:06:06 UTC
AV detection: 15 of 47 (31.91%)
Threat level: 3/5

Threat name: Legit
Score: 0.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 6b6e364893e256f77caf6854f61259715d1095097decf28e3e73f54d7008e309 (this sample)

Dropped by: AgentTesla
Delivery method: Distributed via e-mail attachment
