MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c6af67c66c24d7bfe9f2645f9807a495c6e57161f7fe3a36f1a17e09a278b78c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: c6af67c66c24d7bfe9f2645f9807a495c6e57161f7fe3a36f1a17e09a278b78c
SHA3-384 hash: 6d75eb8afe14f1fa526365030190d94578e561952fcf3a9f5b440219dc6e30e325f53011a4925e9c35c61a5f96560367
SHA1 hash: 3eb28d8f2241a79343d3521bd3a6cb34cfec4213
MD5 hash: d26c1555b2850870f4b4a7ce0a176c0b
humanhash: uranus-missouri-early-single
File name: Final RFQ FOR RRMIP-GSD Schrobenhausen PROJECT TECHNICAL PROPOSAL FOR PROCUREMENT OF PROJECT MATERIA
Signature: AgentTesla
File size: 1'245'184 bytes
First seen: 2020-06-29 06:51:52 UTC
Last seen: 2020-06-30 05:28:37 UTC
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:85U0wcR7iXQBad3/Y2ZnbfaYNnuh44g/Uo4xPrfe:GwSJaBQanbS6x40nkTe
TLSH: B145BE80E2A84ECAEC7A13F5447269101333BD6AA472D71E599EB0F55BB33830567F1B
Reporter: abuse_ch
Tags: AgentTesla


abuse_ch
Malspam distributing AgentTesla:

HELO: 162-241-215-47.unifiedlayer.com
Sending IP: 162.241.215.47
From: Adelbert Schmidt <adelbert.schmidth@HanonSystems.com>
Reply-To: procurement.team76@yahoo.com
Subject: Final RFQ FOR RRMIP-GSD Schrobenhausen PROJECT TECHNICAL PROPOSAL FOR PROCUREMENT OF PROJECT MATERIALS (FINAL REMINDER)
Attachment: Final RFQ FOR RRMIP-GSD Schrobenhausen PROJECT TECHNICAL PROPOSAL FOR PROCUREMENT OF PROJECT MATERIA (contains "FINAL_RF.EXE")

AgentTesla SMTP exfil server:
smtp.masterindo.net:587

Intelligence


File Origin
# of uploads: 3
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence

Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-29 06:53:08 UTC
File Type: Binary (Archive)
Extracted files: 24
AV detection: 19 of 31 (61.29%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso c6af67c66c24d7bfe9f2645f9807a495c6e57161f7fe3a36f1a17e09a278b78c (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments