MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 87cc6e0251eaec1fc831e23837af5f0821ead7175f1eef1fb3c1b6b9640ffee7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 87cc6e0251eaec1fc831e23837af5f0821ead7175f1eef1fb3c1b6b9640ffee7
SHA3-384 hash: 6341e05d7dcf038c2b26c98f7489b5d22a08e02bb18199c02347daaadc13f79f21f7ce349ab12c84c89807d321403de2
SHA1 hash: 277a0a7ceda6e38d0e90fcd5818d2a6c7ba63c89
MD5 hash: f93ecdc927f31b0ebda967332e94b0a1
humanhash: kansas-vermont-robert-avocado
File name:TNT_Receipt.9066721066 AWB no.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:527'927 bytes
First seen:2020-05-05 07:43:38 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:gn+WAFNqPBmiL1qy33DjjT5DHEMoko8javG82eNH/2:gn+W+Om6TjjjTlkMa8jal2j
TLSH 10B433A3B19D69CBE55DF217AF68872CCC210DB4432C6814E9F805A743677C12B678FA
Reporter abuse_ch
Tags:AgentTesla gz TNT


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: smtp.safemail.it
Sending IP: 147.123.1.124
From: TNT Express (ParcelHero®)<Custormerservice@tnt.com>
Subject: TNT Import Clearance – Consignment : #9066\x0a721066 is now under clearance process
Attachment: TNT_Receipt.9066721066 AWB no.gz (contains "TNT_Receipt.9066721066 AWB no.exe")

AgentTesla SMTP exfil server:
mail.perfectholidaysborneo.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Artemis8F7F1C7C6365.29965.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Nanocore
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 08:36:19 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
20 of 31 (64.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=q7gg4asr5lwb7sbr4i4dpl27baq6vvyxl4po6h5tyg3lszap73tq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 87cc6e0251eaec1fc831e23837af5f0821ead7175f1eef1fb3c1b6b9640ffee7

(this sample)

AgentTesla

Executable exe 874e5493086a501512f7367f1fc2dd63a9605466ef44ba598f52a21fb75c95f5

  
Dropping
MD5 8f7f1c7c636599f167ecbca788ba9374
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 874e5493086a501512f7367f1fc2dd63a9605466ef44ba598f52a21fb75c95f5

Comments