MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9791d983e2c1ab16d755e5626e2436e83b53d938c8500d581bef3ea8908723c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: 9791d983e2c1ab16d755e5626e2436e83b53d938c8500d581bef3ea8908723c6
SHA3-384 hash: ea3df09f407b95bcc84636da78c976a6a0b60d57d311ed8a3b7b141707c5fc2eec35423ad23fe6eb4fa5b5a434278f7d
SHA1 hash: 85d0ccca302e6035a5569a2f11e7ade137ab40f7
MD5 hash: f543f78d5a12a359350517b66fe85ad1
humanhash: seven-monkey-fillet-mockingbird
File name: New Order.img
Signature: AgentTesla
File size: 1'245'184 bytes
First seen: 2020-06-03 08:27:08 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:GaUDG3Kp1i6VEJD6Lp7UFX98JlaL5ReNT0X9lSfYO8a8r+jPxXjIbb/58:GaUDdK6VEt6FCJ/eNGXO8LrEBjIbbC
TLSH: D7455C3D3A456415D63D0A3344966AD067B2A6433E12CB0F7ADE57AC6F033CF3B1626A
Reporter: abuse_ch
Tags: AgentTesla img


abuse_ch
Malspam distributing AgentTesla:

HELO: isp.lxh.cl
Sending IP: 51.161.76.57
From: purchase@memtron.net
Subject: Re: new order
Attachment: New Order.img (contains "New Order.exe")

AgentTesla SMTP exfil server:
mail.chenklins.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-03 08:38:07 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
img 9791d983e2c1ab16d755e5626e2436e83b53d938c8500d581bef3ea8908723c6 (this sample)
Dropping AgentTesla
Delivery method: Distributed via e-mail attachment

Comments