MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6635be1b694b559926c4d131b213322519f7080ba86e09c49bb9af995ec3830a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 6635be1b694b559926c4d131b213322519f7080ba86e09c49bb9af995ec3830a
SHA3-384 hash: 0ea11104ec9c20ab778aefe7efa21d77a4f17945e85d08d0a6712163f1db1224e3cd353659f3a3d56a33cee7d236f68a
SHA1 hash: 6d84875c10c13da3f1561c5db1aa92e1602770d8
MD5 hash: 33da443eb74a094026bd6a6324cc4bac
humanhash: blue-purple-undress-ack
File name: consignment details.rar
Signature: AgentTesla
File size: 358'874 bytes
First seen: 2020-05-01 11:27:39 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:C7GMoUyTNmveeob627YM8Dauybl4/N7bzHA3SxgHKuK6ryJ+97IG0OFdwtUnx:7hmL437Y3a7uuSnuJ2J+9xFCta
TLSH: F1742346A0B9B42ABC9C607107433088497A719A1253DDFB4CA3774B73F73EE1D6D22A
Reporter: abuse_ch
Tags: AgentTesla DHL rar

abuse_ch
Malspam distributing AgentTesla:

HELO: cloudhost-144190.uk-south-2.nxcli.net
Sending IP: 165.84.219.64
From: DHL EXPRESS <support@dhl.com>
Subject: Consignment Notification: You have A Package With Us
Attachment: consignment details.rar (contains "consignment details.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 101
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-01 09:48:20 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 18 of 31 (58.06%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: AgentTesla, rar 6635be1b694b559926c4d131b213322519f7080ba86e09c49bb9af995ec3830a (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments