MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de6b69a872106cf747b7684ba9e723ca2b84128d0d9e12130a02829c551a8126. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 2

SHA256 hash: de6b69a872106cf747b7684ba9e723ca2b84128d0d9e12130a02829c551a8126
SHA3-384 hash: 4bedba936927a505b27145b7210c0b7d3473e3bdedf4f6994b4b328b98c7f7e2ddf4127251c97890b96343c3e8c03713
SHA1 hash: 8dd63c5434f2d4d195557d4d623fd7b468f8d9c3
MD5 hash: b36135fee5e3f15844db07bc1be70115
humanhash: mississippi-lactose-ohio-zebra
File name: Shipping Docs_PDF.r02
File size: 390'614 bytes
First seen: 2020-05-25 11:44:25 UTC
Last seen: Never
File type: r02
MIME type: application/x-rar
ssdeep: 6144:AiHSLCApB6OrodZWoyt/aVHnOuf5oe4nNKH9p7QHYL/a81REYbh/j3BK/v/khK9H:aOKMrt7HnNoeks9p8HYL/aERXbh/rBKr
TLSH: AE8423F52731EFA5F0682B32049DB6C1F389605223D4BDEF4E757368E1AE5C6258C928
Reporter: abuse_ch
Tags: AgentTesla, r02


Comment by abuse_ch:
Malspam distributing AgentTesla:

HELO: ap.apiholiday.live
Sending IP: 45.95.171.184
From: USAMA HABASH <habash@deemah.com>
Reply-To: USAMA HABASH <info@apiholiday.live>
Subject: shipment notification: 7110212407 final documents
Attachment: Shipping Docs_PDF.r02 (contains "Shipping Docs_PDF.exe")

AgentTesla SMTP exfil server:
mail.candenizcilik.com:587

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-25 12:05:42 UTC
File type: Binary (Archive)
Extracted files: 9
AV detection: 14 of 30 (46.67%)
Threat level: 2/5

File information

The table below shows additional information about this malware sample, such as its delivery method and external references.

Malspam: AgentTesla
    r02 de6b69a872106cf747b7684ba9e723ca2b84128d0d9e12130a02829c551a8126 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments