MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 16ba1ac62713b339860906be9a645724641f8c55dc9743f230632f107b694162. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 16ba1ac62713b339860906be9a645724641f8c55dc9743f230632f107b694162
SHA3-384 hash: 18d9b73b52f8c846a29e712af8664c76a3d5e5638a06e24ff08b9c1b650d2dd60c91eeb30dfdcd1826a1c60c57a64563
SHA1 hash: 5d3a8fb6b1c6597369e6c0d13f4db67526c1507b
MD5 hash: 11db2c5db12047d39a21673ed9247072
humanhash: solar-robert-hamper-high
File name:PI 20-S880320V8.pdf.uue
Download: download sample
Signature AgentTesla
Create hunting rule
File size:279'273 bytes
First seen:2020-08-19 14:17:00 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:1nqqCQ7A8s2HPqzM1WOKUmrjV8dDTI1YtUUNrkraaltj8g:7A8s2vRaXVakXNaut
TLSH 3954232B60A0FE2AF8B4482F7BC25F691E678674C848E9D358B753C11352D8AB91770D
Reporter abuse_ch
Tags:AgentTesla MailChannels uue


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: beige.elm.relay.mailchannels.net
Sending IP: 23.83.212.16
From: Bergamot Sdn Bhd <sales@co.jp.kxikn.xyz>
Subject: Re: Fwd: Re: RE: Revised Invoice
Attachment: PI 20-S880320V8.pdf.uue (contains "PI 20-S880320V8.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.Generic-S.13031.6594.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/16ba1ac62713b339860906be9a645724641f8c55dc9743f230632f107b694162/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-19 14:18:07 UTC
AV detection:
13 of 48 (27.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=c25bvrrhcozttbqja27juzcxersb7dcv3sluh4rqmmxra63jifra._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/16ba1ac62713b339860906be9a645724641f8c55dc9743f230632f107b694162

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 16ba1ac62713b339860906be9a645724641f8c55dc9743f230632f107b694162

(this sample)

AgentTesla

Executable exe 6f881ac62ccc9fa3075114b64de262ef896ef9e14b4040e659fe7a362fe13362

  
Dropping
MD5 93879252b2e0f720315a2bf4b7d8aaf8
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6f881ac62ccc9fa3075114b64de262ef896ef9e14b4040e659fe7a362fe13362

Comments