MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6014fa46e5b52be9c49088fb2e8cd237bf935c83d2fb1f557e3a01bd68cedf58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6014fa46e5b52be9c49088fb2e8cd237bf935c83d2fb1f557e3a01bd68cedf58
SHA3-384 hash: 6f0b1c39fa6ea6859785f38de97b3c11fc5ec749713602f1329d90ab028b7cd1e3d43b63b64fb25290356d6ddcd577e9
SHA1 hash: 27bca3871a711fa46aff05a6b1ad1ae4cefaeee5
MD5 hash: 879bdf3d2ea00dc83062834e36ccf7e2
humanhash: harry-hydrogen-mockingbird-tango
File name:P0092737.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:389'933 bytes
First seen:2020-06-08 07:13:15 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:0iPaNVOoNK1ZGpFtyZ8PWqRVOZ++zUcx9PlXwmj4Zv3j+qnmgcmMkvrPegWX:0QwVhc/GpFtyZ8BTM++zUCXwmUZ7+qnW
TLSH 458423D9FBC12DB2ABC426D3090649BCA25B916A5E41D8ED03076DFC87A4C7F8275E0D
Reporter abuse_ch
Tags:7z AgentTesla Outlook


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: NAM10-DM6-obe.outbound.protection.outlook.com
Sending IP: 52.100.156.239
From: Gateway PO <po@gatewaytrailer.com>
Subject: 우리는 당신의 제품에 관심이 있습니다
Attachment: P0092737.7z (contains "#P0092737.scr")

AgentTesla SMTP exfil server:
mail.exoticpools.com.au:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 07:15:05 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=makpurxfwuv6treqrd5s5dgsg67zgxed2l5r6vl6hia322go35ma._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 6014fa46e5b52be9c49088fb2e8cd237bf935c83d2fb1f557e3a01bd68cedf58

(this sample)

AgentTesla

Executable exe 15dd0d10d29e9a8844179c08a26be2eeb069604549d3470eb82993f6510d469d

  
Dropping
MD5 eaadfa3ac23981bfb06b63a4f8dbb6f7
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 15dd0d10d29e9a8844179c08a26be2eeb069604549d3470eb82993f6510d469d

Comments