MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6383191e445e3f0cdf194ede2ec095e6983a8bc269bebf7ecb9744275f875062. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6383191e445e3f0cdf194ede2ec095e6983a8bc269bebf7ecb9744275f875062
SHA3-384 hash: a59cefc06f109ce7ec0ca80350250b0af1fd9b280f7d8686a789dc08fcfbee63c55ef7f199a9f99583b3f4c9ba76f638
SHA1 hash: d5da39b91cd7b9a30b94ec331cf7581d93b4858b
MD5 hash: e386a11e9c0a0147c1b1e0b438431b4e
humanhash: solar-snake-yellow-stream
File name:predra un.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'261'688 bytes
First seen:2020-05-13 11:03:18 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:Z8SZnR8ftrtN/uv/k40u4s4GtdCREGFfx1RXrFJQ6NQDB99j:+SZnRYNJf5RE0fPTJJK3j
TLSH 504533CDDB9CA0F4A38384AA63239DD162429ECEE340DF14CA59A95C47677CC378F589
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: cink.avalon.hr
Sending IP: 185.58.73.21
From: majanovic@ptt.rs
Subject: Emailing: DOPIS 028N-2018 - SMART PRINT d.o.o.
Attachment: predra un.zip (contains "predra un.exe")

AgentTesla SMTP exfil server:
mail.kapackserv.com:26

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Ramnit-1849
Create hunting rule

Win.Trojan.Ramnit-1847
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Virus.Ramnit
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 11:37:03 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
38 of 48 (79.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mobrshsely7qzxyzj3pc5qev42mdvc6cng7l67wls5ccox4hkbra._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 6383191e445e3f0cdf194ede2ec095e6983a8bc269bebf7ecb9744275f875062

(this sample)

AgentTesla

Executable exe 8addc01173e27e282faccde8d201c4f7a95530c95525ae3290cea5e9537e6469

  
Dropping
MD5 291c4d06c26c50a66531841b34eb870a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8addc01173e27e282faccde8d201c4f7a95530c95525ae3290cea5e9537e6469

Comments