MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6795a07c867f20fc16bcaed7a8fd1ff0390fa2dcd926ca6a4e8c9b27aa94b4c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6795a07c867f20fc16bcaed7a8fd1ff0390fa2dcd926ca6a4e8c9b27aa94b4c9
SHA3-384 hash: c18d26656595c84b3606fc1f20bb47cf5332a88e13d098afc389d08336883c9a3fea5a22d4c38e7d9257fa523f9127c9
SHA1 hash: 396e01b7202d08bb8304c68c59ce7f626c30fe1e
MD5 hash: 1351a881f56e3d405f6a1ce470c456c0
humanhash: asparagus-jersey-blossom-eleven
File name:order11520520_pdf.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:419'258 bytes
First seen:2020-05-20 12:08:49 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:blC+bo/XJi+/bgKgeRkCnq84xSlUjGNu1f:A9XXDKCq84xUUX1
TLSH 0094230A1F7B2E83C56A5314E2F7470438F1A54A87B7EF009AF9F1EB5428CE84C64D65
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: m97110.mail.qiye.163.com
Sending IP: 220.181.97.110
From: Sales <shild@cheaa.com>
Subject: new order(top urgent)
Attachment: order11520520_pdf.zip (contains "order#11520520_pdf.exe")

AgentTesla SMTP exfil server:
mail.imatechwiring.com:587

AgentTesla SMTP exfil email address:
zappoh@imatechwiring.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25815.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.24886.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 12:32:42 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
19 of 48 (39.58%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=m6k2a7egp4qpyfv4v3l2r7i76a4q7iw43etmu2sorsnspkuuwteq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 6795a07c867f20fc16bcaed7a8fd1ff0390fa2dcd926ca6a4e8c9b27aa94b4c9

(this sample)

AgentTesla

Executable exe ede1cc754e047082946e0e3bdc5487406aa36881da14fc3f15fcf2d3265e8757

  
Dropping
MD5 470f80a9b3a8ba2d54ca509363602daa
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ede1cc754e047082946e0e3bdc5487406aa36881da14fc3f15fcf2d3265e8757

Comments