MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f94f415f23fe820a146fcd53a11cf091fd942637bcece87405fde828a04ad7a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6f94f415f23fe820a146fcd53a11cf091fd942637bcece87405fde828a04ad7a
SHA3-384 hash: 21dd4a1222982482b8fa893f4053d5ad39910b787a280ff8589b1b336d582704dc92f35026fe9beaf239352e85632e88
SHA1 hash: bd09e9a9a73d2a5bfe5d5624c152394276100fd1
MD5 hash: 7c52bfc9a96e87dbb89d03685dea908f
humanhash: carbon-cat-bulldog-bravo
File name:987865678Order78657.xlsx.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'425'408 bytes
First seen:2020-06-25 09:33:52 UTC
Last seen:2020-06-25 09:34:47 UTC
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:oMzQ2JyQVwXUjFh3SclDsl7zTSaASl9eCn:oMzQ2jCc1s5wSlgO
TLSH F8654A3965A07AC4E4AD8E724D559640BFF39D426A01C30FE5D4B6E85B333CAEA011FE
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: chudaimooocom.blazingfast.io
Sending IP: 5.206.224.20
From: Sulzer Global <purchase@sulzer.com>
Reply-To: wsdled@vivaldi.net
Subject: Business Order
Attachment: 987865678Order78657.xlsx.img (contains "758697067r577.exe")

AgentTesla SMTP exfil server:
smtp.mail.ru:587

Intelligence

File Origin
# of uploads :
3
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.349.28077.712.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6f94f415f23fe820a146fcd53a11cf091fd942637bcece87405fde828a04ad7a/
Gathering data
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=n6kpifpsh7ucbikg7tktueopbep5sqtdpphm5b2al7pifcqevv5a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 6f94f415f23fe820a146fcd53a11cf091fd942637bcece87405fde828a04ad7a

(this sample)

AgentTesla

Executable exe 21a7cc24b6be7d48071fad526da8856a50afd02102ed0839430982d521ea7c8b

  
Dropping
MD5 fb3f114ead51845ba3568be8c9535c4e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 21a7cc24b6be7d48071fad526da8856a50afd02102ed0839430982d521ea7c8b

Comments