MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c6e631d1111c9d0e04c1b6a6716f3011c7e506c75e9c67e48da47479661c0de3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: c6e631d1111c9d0e04c1b6a6716f3011c7e506c75e9c67e48da47479661c0de3
SHA3-384 hash: 5f1429b5365cf9f55ffdb026b9970af25dc5d6c90c8e95280833cf33f1de5843b0f79b28f38a243b6e783a654210726c
SHA1 hash: aee8f925f247531a0452d8f8a8df0c01bf5d1f46
MD5 hash: c29afa3c0004d4fca8c9f510adfdeb78
humanhash: hot-vegan-ohio-pizza
File name: cotización.zip
Signature: AgentTesla
File size: 423'600 bytes
First seen: 2020-07-07 05:38:18 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:E27/i83KBbPVZ658RCI0HwkMpQoFhGy6sfZAvjAfDqYx:E2768327658RgQkMioFhwlMfDqS
TLSH: 7694234B4E4E830536A5C3A74424B270757EAC629C4C29DB9CA501F6E1E5FAF34ACF63
Reporter: abuse_ch
Tags: AgentTesla CHL geo zip


abuse_ch
Malspam distributing AgentTesla:

HELO: fre.freespirittours.ge
Sending IP: 192.254.140.61
From: Andrés Gutierrez <agutierrez@minetec.cl>
Subject: cotización
Attachment: cotización.zip (contains "cotización.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-07 05:40:06 UTC
AV detection: 32 of 48 (66.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip c6e631d1111c9d0e04c1b6a6716f3011c7e506c75e9c67e48da47479661c0de3 (this sample)

Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment
