MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e78c9215765b97c0963ef0846e3aff361322943736180563746ff92c4150b3b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 6e78c9215765b97c0963ef0846e3aff361322943736180563746ff92c4150b3b
SHA3-384 hash: 632678abc884dec5f0f8d3097a9ff6a53f4c7fcbf28c29c2fba4adc6bd222e52d619c454f8d22bdbef8369c87cd776a4
SHA1 hash: fbd822b70935c9c87c75546124513a7e1241e863
MD5 hash: cd03efe1f892213d7fd5de0e2ed02233
humanhash: arkansas-lactose-yellow-yellow
File name: Consignment Invoice PLBL Draft.img
Signature: AgentTesla
File size: 737'280 bytes
First seen: 2020-06-11 06:23:37 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:WaUPSg6VEJD6Lp/Iy5YN7+TB4RbkIxnUY1pvwVnbt+OmtNybVDnA3mehW:WaUD6VEt6Wy5YYTBMrX1pvrOu4VMFh
TLSH: 25F45B3E3685A801D23C4A7245A656D073B2AA833E42D70F79CE675CAF123CF3B5535A
Reporter: abuse_ch
Tags: AgentTesla, img


abuse_ch
Malspam distributing AgentTesla:

HELO: cloudhost-401319.us-midwest-1.nxcli.net
Sending IP: 209.87.159.195
From: TNT EXPRESS <service@tnt.com>
Subject: Consignment Notification: You have A Package With Us
Attachment: Consignment Invoice PLBL Draft.img (contains "Consignment Invoive PL&BL Draft.exe")

AgentTesla SMTP exfil server:
mail.flood-protection.org:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 57
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-11 06:25:11 UTC
AV detection: 18 of 31 (58.06%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 6e78c9215765b97c0963ef0846e3aff361322943736180563746ff92c4150b3b (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
