MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 606a07c0b86b532093862fe6d5bb1e7d87b107e381192bc445dd542ba735949e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 606a07c0b86b532093862fe6d5bb1e7d87b107e381192bc445dd542ba735949e
SHA3-384 hash: 337747d1dc01ea9aa3eb6e39196735437796bd052c71ce64b9360f739b5f7576b5191d411d1b4022f0a1c61f06f1ef57
SHA1 hash: b9ba8a8ff871f94a8831c478691399197f876a20
MD5 hash: 2e3554bcefd8781af81cc32fa784d3a9
humanhash: july-speaker-orange-magazine
File name: COTIZACIÓN__PDF__________________________________________________________________65746464.gz
Signature: AgentTesla
File size: 404'003 bytes
First seen: 2020-08-18 09:52:15 UTC
Last seen: 2020-08-18 09:55:18 UTC
File type: gz
MIME type: application/x-rar
ssdeep: 6144:eyiiqnCZFhWBq+gIFPxe3HiOzMGROWk0UEdkbqXTM7r8DLzRLyYDvxu6VcamS0Oa:NiVnwW8+g0FOzMGR9/ajrIRuYDJuWm5N
TLSH: 138423B04B4264E12C2B7C75EA53E98DE1917DBF79FA21752ED02CB0E1AF219171B183
Reporter: abuse_ch
Tags: AgentTesla ESP geo gz


abuse_ch
Malspam distributing AgentTesla:

HELO: www4.almsoft.net
Sending IP: 193.239.194.10
From: Rodrigo.lourencao <citea.paula@rikkosteel.ro>
Subject: Re: COTIZACIÓN
Attachment: COTIZACIÓN__PDF__________________________________________________________________65746464.gz (contains "COTIZACIÓN__PDF__________________________________________________________________65746464.exe")

AgentTesla SMTP exfil server:
smtp.epaindemgroup.com:587

Intelligence

File Origin
# of uploads: 2
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Sudloader
Status: Malicious
First seen: 2020-08-18 03:35:16 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
gz 606a07c0b86b532093862fe6d5bb1e7d87b107e381192bc445dd542ba735949e (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments