MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6612ce597daf94b745177fea8cbb4710864d91d33aee3d96ec1a6f257c295aaa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 6612ce597daf94b745177fea8cbb4710864d91d33aee3d96ec1a6f257c295aaa
SHA3-384 hash: 16a86998f2089b7b913c05598cc1c2967e722767b6cdba0124544ab217fbfcc081098f4d17d07507d1035c97e3065946
SHA1 hash: a42d26b7d2eebeb52cd2dbd4f26f8e790facb521
MD5 hash: 38987726f451800754c17ebf82beb981
humanhash: batman-oregon-winner-bluebird
File name: SALES CONTRACT.PDF.Z
Signature: AgentTesla
File size: 633'652 bytes
First seen: 2021-01-19 07:19:17 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 12288:T+IKWzjAU7JuQ6tw8AA/R6HzVMzqgp0PA/sfDtJ:TaspJsw8Uzp8UAO5J
TLSH: 1ED4334D8C31E3EAAF5F229E76A0094D19982AFB77EED9917551DC3CAF6C0015384B0B
Reporter: abuse_ch
Tags: z


abuse_ch
Malspam distributing unidentified malware:

HELO: boeckling.de
Sending IP: 62.113.215.223
From: SALES1<info@boeckling.de>
Subject: SALES CONTRACT ORDER
Attachment: SALES CONTRACT.PDF.Z (contains "SALES CONTRACT.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 102
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-01-19 07:20:08 UTC
AV detection: 9 of 46 (19.57%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 6612ce597daf94b745177fea8cbb4710864d91d33aee3d96ec1a6f257c295aaa

(this sample)

Delivery method: Distributed via e-mail attachment
