MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8617091b06d3979e9b855ae5619e84b2334090878c645815fc92991451d36323. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8617091b06d3979e9b855ae5619e84b2334090878c645815fc92991451d36323
SHA3-384 hash: 7821278be8f025eda103d344345678a1269fa1d6708e2c098273991e4e324ac18124f3b69b63a0ad6db8a642ac9ce357
SHA1 hash: ba30077e3df1cf37e4993eb5ae4791b80c6e8253
MD5 hash: a621181a431ca13f664ac59ee41b0a71
humanhash: hotel-item-september-carolina
File name:Price Offer-May.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-05-06 09:34:36 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:uPyN+IyLonxhcOOCALaFO3YQ2akAHtcU7P/Z/:uPykI/xhcOOCAR3rkscUL
TLSH 934502997320B1DFCC9BC0B69E641DA56A3075BB570F8206F61F56AC8B4D887CF250B2
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.abanti.net
Sending IP: 203.76.110.138
From: GOmanBuyers <gomanbuyers@bp.com>
Subject: RE: Request for Quote - SC# 1001829755 VJ01
Attachment: Price Offer-May.img (contains "Price Offer-May.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.EJYY.990.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 20:45:23 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qylqsgyg2olz5g4fllswdhuewizubeehrrsfqfp4skmriuotmmrq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 8617091b06d3979e9b855ae5619e84b2334090878c645815fc92991451d36323

(this sample)

AgentTesla

Executable exe 613ba9449348f1733df2ef17bcfefc1604b5e68aed7716e00721bbbe1a0d0b7a

  
Dropping
MD5 9c1afda76ed56066bc4795ae460fc00c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 613ba9449348f1733df2ef17bcfefc1604b5e68aed7716e00721bbbe1a0d0b7a

Comments