MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15c7aaf96e773849126a63a0c6b567cd27825fe56ebe262098dc56c69432b531. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 15c7aaf96e773849126a63a0c6b567cd27825fe56ebe262098dc56c69432b531
SHA3-384 hash: 6085a4ddc312e90a461b67ca10eadf4d7e70b514bfe3e7ac73706ac4679ace60088cd278168037597ca106da22ca4f8f
SHA1 hash: dde6b3b51bb85fcc964201b6cdb183ca9704b81c
MD5 hash: f2eaec2d18d76621ed844a1877dc360f
humanhash: utah-illinois-sixteen-winner
File name: 978905601.msi
Signature: AgentTesla
File size: 475'136 bytes
First seen: 2020-06-30 12:33:42 UTC
Last seen: Never
File type: Microsoft Software Installer (MSI) msi
MIME type: application/x-msi
ssdeep: 12288:sEmwnKd59m5CzV0KXIKSJRKJS+QGCwS6uxm/Lp+Tc/:sEmbd/m5CBm+SXRWp+Tc/
TLSH: 88A4F128322D5533CE6804FA8582234143F1ACA16942FBDE5DCCB1DD1AF6BDD4E42BA7
Reporter: @abuse_ch
Tags: AgentTesla msi


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: slot0.natvlgetor.com
Sending IP: 45.95.169.198
From: Patricia Alkaraz <ptcihk@natvlgetor.com>
Subject: Reg. Enquiry
Attachment: 978905601.xls

AgentTesla payload URL.
http://199.195.250.60/gg/978905601.msi

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


Mail intelligence: No data
# of uploads: 1
# of downloads: 30
Origin country: CH
CAPE Sandbox Detection: n/a
Link: https://www.capesandbox.com/analysis/17144/
ClamAV: SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
CERT.PL MWDB Detection: agenttesla
Link: https://mwdb.cert.pl/sample/15c7aaf96e773849126a63a0c6b567cd27825fe56ebe262098dc56c69432b531/
ReversingLabs Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Kryptik
First seen: 2020-06-30 12:35:05 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage Score: 10/10
Malware Family: agenttesla
Link: https://tria.ge/reports/200630-28j3bns2ve/
Tags: spyware keylogger trojan stealer family:agenttesla persistence discovery
VirusTotal: No data

Yara Signatures


Rule name: SharedStrings
Author: Katie Kleemola
Description: Internal names found in LURK0/CCTV0 samples

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam
Malware family: AgentTesla
File type: Microsoft Software Installer (MSI) msi
SHA256 hash: 15c7aaf96e773849126a63a0c6b567cd27825fe56ebe262098dc56c69432b531 (this sample)

Comments