MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bec61f4e3e786ce5a72048ca174f85efbff4a8e630d55811b51e806b32f45e86. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bec61f4e3e786ce5a72048ca174f85efbff4a8e630d55811b51e806b32f45e86
SHA3-384 hash: ccb0bb8a2d0a3f78a996b9aec8118ab672e9c16f1b9a1dde0e17b4e9ddc1ba1c95c3e0316fa8cd025d3eb34970cf91f1
SHA1 hash: 946dd561ef803d8cf10cb44caabb3a05b974b3b8
MD5 hash: 6700432076ec735af49376721206bfcc
humanhash: undress-earth-oven-hot
File name:MV. ABERDEEN - SHIP PARTICULARS.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:463'851 bytes
First seen:2020-05-28 13:04:33 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:/Xt/LDXj4Us4Ab/OEK79jSZXK/wVvO5m9LHGYlS:/lfzJsfb/PKUZqE5LlS
TLSH 7FA42301BC63636FB31E6CDC599A5ED07586B0EE1329C4B81452E604F6B0B0DEF2766B
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail0.722.dlvtminio.casa
Sending IP: 142.93.232.57
From: Vertom Operations Dept <opr@vertom.nl>
Subject: MV ABERDEEN - Agency Nomination - Discharge
Attachment: MV. ABERDEEN - SHIP PARTICULARS.rar (contains "MV. ABERDEEN - SHIP PARTICULARS.exe")

AgentTesla SMTP exfil server:
smtp.desmaindian.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 13:38:21 UTC
File Type:
Binary (Archive)
Extracted files:
28
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar bec61f4e3e786ce5a72048ca174f85efbff4a8e630d55811b51e806b32f45e86

(this sample)

AgentTesla

Executable exe 6ae239d55a04fc135b9ed665b8e8ad720672eca86f5b76a441da1e155ac755ad

  
Dropping
MD5 be251f1b582ea616cb38b854ac172e80
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6ae239d55a04fc135b9ed665b8e8ad720672eca86f5b76a441da1e155ac755ad

Comments