MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb6fef9064b860535b27e96a88e8bf9318c3fddd0dbb72b010158fa487454c62. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: bb6fef9064b860535b27e96a88e8bf9318c3fddd0dbb72b010158fa487454c62
SHA3-384 hash: 78878c46b71b417736e9da17e1886101134ab22ed354c6719d69a78ad2332c03d05abb1357542386f6be6f32d08adcbe
SHA1 hash: 04471360b363ea09e9f017252d804b0149ef1d6d
MD5 hash: f3a4907009b981d4f1967384ace4e840
humanhash: fillet-princess-mobile-seven
File name: Payment Slip.img
Signature: AgentTesla
File size: 1'245'184 bytes
First seen: 2020-08-13 14:05:21 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:QwN+JFLmfvdkmYuVZyeJ5tZuHbtxxxZTu+9HRN:QwgvLbQyatZu7lnJdR
TLSH: 8D454816BA86D1B1E04808757601E66E52207C38C8178D437399BFDFFBF0AE58E51BB2
Reporter: abuse_ch
Tags: AgentTesla, img


abuse_ch
Malspam distributing unidentified malware:

HELO: server.domain.com
Sending IP: 89.45.4.248
From: awakenyoursmile@cableone.net
Subject: Payment Receipt. As Advised.
Attachment: Payment Slip.img (contains "Payment Slip.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Agensla
Status: Malicious
First seen: 2020-08-13 14:07:05 UTC
AV detection: 17 of 28 (60.71%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
img bb6fef9064b860535b27e96a88e8bf9318c3fddd0dbb72b010158fa487454c62 (this sample)

Delivery method: Distributed via e-mail attachment
