MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d6943f184a094f5cdc648dca91dc4dde548abe1342dbd9719e1e07aca81e1ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7d6943f184a094f5cdc648dca91dc4dde548abe1342dbd9719e1e07aca81e1ac
SHA3-384 hash: 8362151d373263f6d329e63d5e923999f221b7bf2bb33cf40ed6d5c2c391aa0d410324b336f32fc98209d8e7599f8f80
SHA1 hash: 359b9edaf6b2b9ad96fbddf8812733d32a922e19
MD5 hash: 9f3ef2dd840509400fcbc8db2dd76575
humanhash: twenty-delta-steak-indigo
File name:IMG 4367771.tar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:424'343 bytes
First seen:2020-06-29 07:27:39 UTC
Last seen:Never
File type: tar
MIME type:application/x-rar
ssdeep 6144:TXC976dfCqLXH58pP89TsLT6mQltILPcaC5YkUt4Vhcsd5P+qUNQSkyZEW6o0Gem:O9aaqLp8pYIX6HILTt4PDwkyL6IeCQN+
TLSH 0B94235D04205C4D902A89EDD7F2E1C2639B88853AA0B55B9BF2CC2C6BDD35687F937C
Reporter abuse_ch
Tags:AgentTesla tar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: stpauls.stpaulsl.local
Sending IP: 97.82.28.20
From: ACCOUNT DEPT<account@mail2world.com>
Reply-To: <account@mail2world.com>
Subject: PROOF OF PAYMENT
Attachment: IMG 4367771.tar (contains "PROOF OF PAYMENT.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7d6943f184a094f5cdc648dca91dc4dde548abe1342dbd9719e1e07aca81e1ac/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 07:29:06 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pvuuh4meuckpltogjdokshoe3xsurk7bgqw33fyz4hqhvsub4gwa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

tar 7d6943f184a094f5cdc648dca91dc4dde548abe1342dbd9719e1e07aca81e1ac

(this sample)

AgentTesla

Executable exe b4e4955cd0abdc5df6d5e1db5d58f3b0f1de491540371e919941f6dc9741f23e

  
Dropping
MD5 e32e9f928ec3244589a7a947d50637f3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b4e4955cd0abdc5df6d5e1db5d58f3b0f1de491540371e919941f6dc9741f23e

Comments