MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75b9e7f688796e9161092b80c77fe4b6b73de11f629eaacb2c52d95f4b3d87ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 75b9e7f688796e9161092b80c77fe4b6b73de11f629eaacb2c52d95f4b3d87ad
SHA3-384 hash: 4b859b5bb99fe6cf4840ad8c752f0af6b56298273f26802023d18fffb147fe32d046c9cc114a352784bad6a9cccf6cc4
SHA1 hash: 2a5bc17004e058bd2288a9cba63f8440a0436def
MD5 hash: 6387fedb1c00fc71f139934ef271b872
humanhash: stairway-cold-utah-one
File name:overdue account letter.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:380'424 bytes
First seen:2020-06-25 17:28:58 UTC
Last seen:2020-06-25 21:39:32 UTC
File type: rar
MIME type:application/x-rar
ssdeep 6144:bCCBqIva1kxvssd8NvRgAe/c9up/Ig3tW9qfqhGtjK8Zq16F6vB6T5ZVKh0nAv:bvQHkRMNpgxGuBg9Gt01a6W5ah
TLSH 09842337C84EADCCE6E361570F155E1CB037A9F97634AF369E07887EC6292842DD8642
Reporter abuse_ch
Tags:AgentTesla DHL rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: dhl.com
Sending IP: 103.99.1.170
From: Pravina Patole (DHL IN)<Pravina.Patole@dhl.com>
Subject: DHL Overdue Account Notice -557678
Attachment: overdue account letter.rar (contains "overdue account letter.exe")

AgentTesla SMTP exfil server:
mail.sunflower-tech.com:587

Intelligence

File Origin
# of uploads :
3
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/75b9e7f688796e9161092b80c77fe4b6b73de11f629eaacb2c52d95f4b3d87ad/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-25 17:30:07 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ow46p5uipfxjcyijfoamo77ew23t3yi7mkpkvszmklmv6sz5q6wq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 75b9e7f688796e9161092b80c77fe4b6b73de11f629eaacb2c52d95f4b3d87ad

(this sample)

AgentTesla

Executable exe df5986fcb5b6e473947583262fe71a48b644b13c42a2a57cbff970905baf2001

  
Dropping
MD5 3dffd9e4dfb14a1053542f56c9ef79d0
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 df5986fcb5b6e473947583262fe71a48b644b13c42a2a57cbff970905baf2001

Comments