MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f6be419d299a115fd72f1187486f89a1a6cf758390cc95db66d14b12396e9287. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: f6be419d299a115fd72f1187486f89a1a6cf758390cc95db66d14b12396e9287
SHA3-384 hash: cdaff43d07cd2aff872b9f836f2d752e1a6e4f8119b542832d4929fe593cd2524b4e24bc428f27457f8c8232957f074f
SHA1 hash: b518b663a2c13be6206d19539e41e17b3cd1f929
MD5 hash: 71f4bac1ea4fa2f50673ff2c00bd630e
humanhash: jersey-idaho-mississippi-paris
File name: invoice copy.pdf.z
Signature: AgentTesla
File size: 417'462 bytes
First seen: 2020-04-29 15:23:38 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 12288:RwnapSRcpf7ykreo9GivHDtcgqMyDoYvwD7:Wnf82e/nDtTzqDYn
TLSH: 7C9423B4B987D1CE6368F986E55D2754683F1F76E022F3B2024428A8E291333567CD6F
Reporter: abuse_ch
Tags: AgentTesla


abuse_ch
Malspam distributing AgentTesla:

HELO: unsw.edu.au
Sending IP: 103.99.1.170
From: Accounts Department
Subject: Revised Invoice
Attachment: invoice copy.pdf.z (contains "invoice copy.pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587
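
The lure above is a ".z" attachment whose MIME type is application/x-rar and whose archive member is a double-extension executable. The following is an added triage example, not code from MalwareBazaar or from abuse_ch: it builds a constructed message that mirrors that lure, identifies the real container from the attachment's magic bytes, checks it against what the extension claims, flags double-extension executables among the archive members, and pulls the HELO name and sending IP from the Received header. The sender address, receiving host and attachment bytes are made up (the attachment is only a RAR signature plus filler). Listing the members of a real RAR needs an extractor such as the third-party rarfile module, so here the member names are passed in as an argument.

```python
"""Triage of a malspam attachment: a '.z' file that is really a RAR archive
carrying a double-extension executable. Added example; the message built by
build_constructed_sample() is constructed, not a real capture."""
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes of common archive containers (assumption: this table stands in
# for whatever file-type identification your extractor performs).
MAGIC = {
    b"Rar!\x1a\x07": "rar",
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"\x1f\x9d": "compress",   # what a genuine Unix .z/.Z file starts with
    b"\x1f\x8b": "gzip",
}
# Container that each declared extension ought to contain.
EXPECTED_BY_EXT = {".z": "compress", ".zip": "zip", ".rar": "rar", ".7z": "7z", ".gz": "gzip"}
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta", ".msi", ".jar"}
LURE_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def container_type(data):
    """Return the container name for the leading bytes, or None if unknown."""
    for sig, name in MAGIC.items():
        if data.startswith(sig):
            return name
    return None


def last_ext(name):
    """Lower-cased final extension of a filename, '' if it has none."""
    m = re.search(r"\.[a-z0-9]+$", name.lower())
    return m.group(0) if m else ""


def disguised_executable(name):
    """True for names like 'invoice copy.pdf.exe': a document extension hiding an executable."""
    parts = name.lower().rsplit(".", 2)
    return len(parts) == 3 and "." + parts[2] in EXEC_EXT and "." + parts[1] in LURE_EXT


def triage_attachment(filename, data, members):
    """Return a list of findings for one attachment; an empty list means nothing suspicious."""
    findings = []
    actual = container_type(data)
    expected = EXPECTED_BY_EXT.get(last_ext(filename))
    if actual is None:
        findings.append("unrecognised container")
    elif expected and actual != expected:
        findings.append("extension %s but magic bytes say %s" % (last_ext(filename), actual))
    for member in members:
        if disguised_executable(member):
            findings.append("double-extension executable in archive: " + member)
        elif last_ext(member) in EXEC_EXT:
            findings.append("executable in archive: " + member)
    return findings


def sender_from_received(msg):
    """Extract (HELO name, IP) from the first Received header that has them, else (None, None)."""
    for value in msg.get_all("Received") or []:
        m = re.search(r"from\s+(\S+)\s+\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)", str(value))
        if m:
            return m.group(1), m.group(2)
    return None, None


def triage_message(raw, members_by_name):
    """Triage every attachment of a raw RFC 5322 message.

    members_by_name maps attachment filename -> list of archive member names,
    as produced by whatever archive extractor you use (assumption: the members
    are listed outside this script).
    """
    msg = message_from_bytes(raw, policy=policy.default)
    helo, ip = sender_from_received(msg)
    report = {"subject": msg["Subject"], "helo": helo, "ip": ip, "attachments": {}}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        report["attachments"][name] = triage_attachment(name, data, members_by_name.get(name, []))
    return report


def build_constructed_sample():
    """Constructed message mirroring the lure in the comment; sender address and
    receiving host are invented, and the attachment is not a valid archive."""
    msg = EmailMessage()
    msg["Received"] = "from unsw.edu.au ([103.99.1.170]) by mx.example.invalid"
    msg["From"] = "Accounts Department <accounts@example.invalid>"
    msg["To"] = "finance@example.invalid"
    msg["Subject"] = "Revised Invoice"
    msg.set_content("Please find the revised invoice attached.")
    fake_rar = b"Rar!\x1a\x07\x00" + b"\x00" * 64   # RAR signature plus filler
    msg.add_attachment(fake_rar, maintype="application", subtype="x-rar",
                       filename="invoice copy.pdf.z")
    return msg.as_bytes()


if __name__ == "__main__":
    members = {"invoice copy.pdf.z": ["invoice copy.pdf.exe"]}
    print(triage_message(build_constructed_sample(), members))
```

The two findings this produces for the constructed sample are the container mismatch (".z" claimed, RAR magic present) and the double-extension member; either one alone is enough to quarantine the message at the gateway, and the HELO/IP pair is what you would feed into the mail-log search for other recipients.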

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Agensla
Status: Malicious
First seen: 2020-04-29 01:58:00 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 19 of 31 (61.29%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla, z f6be419d299a115fd72f1187486f89a1a6cf758390cc95db66d14b12396e9287 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments