MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c6d3f058ae3d3d3609586acdd1fc51d20071dbd048975ca9959fb3d0ec7b7870. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3



SHA256 hash: c6d3f058ae3d3d3609586acdd1fc51d20071dbd048975ca9959fb3d0ec7b7870
SHA3-384 hash: f07e87133d9bd95fa0748f43ee4c504da007565e7a4c7247dad44d6bf29c9947ad9e441eaf5fa3644261c900cd1c43cc
SHA1 hash: e34a536a97224300ff192fad530422feccec47fc
MD5 hash: f6f1c9e6cacd63700093fb62b0246961
humanhash: charlie-hamper-friend-winner
File name: payment slip.zip
Signature: AgentTesla
File size: 518,657 bytes
First seen: 2020-06-02 11:56:29 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:28Pmmt6ZYiHa6zORo904+8upVAtFnD5dazvNo/x15MgdqI19L9bVcsbLR8gZTXLc:umtSJHp9aMtFD5p/x1Ggf199J8cGM7iX
TLSH: 46B423E9B780CB94F189A5A17F0EBDCC6DA5E51E1E0177D3921908B4FF2D8B032D0A46
Reporter: abuse_ch
Tags: AgentTesla, zip


abuse_ch
Malspam distributing AgentTesla:

HELO: park-mx.above.com
Sending IP: 103.224.212.34
From: brave@projectinquiry.pw
Subject: Payment Confirmation
Attachment: payment slip.zip (contains "payment slip.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Genkryptik
Status: Malicious
First seen: 2020-06-01 21:33:07 UTC
AV detection: 27 of 48 (56.25%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Malware family: AgentTesla
zip c6d3f058ae3d3d3609586acdd1fc51d20071dbd048975ca9959fb3d0ec7b7870 (this sample): dropping AgentTesla

Comments