MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a6108a492bf139da4a5767eec0e764135763a484f002c1cf21b21e7357cc963. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6a6108a492bf139da4a5767eec0e764135763a484f002c1cf21b21e7357cc963
SHA3-384 hash: f91dbf9f361c957e81182f93195f754af55e464bbc1c1caafde5816975219f0bbf268cad1cb2c82a11549bd30d6251c8
SHA1 hash: d23bbb4ba9e28dc1ebb28831e6337a7e3f2a43ab
MD5 hash: 85e8144a71261737f3c6eb54d78d9ff0
humanhash: alpha-tennis-foxtrot-social
File name:PO.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:404'663 bytes
First seen:2020-05-25 13:55:57 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:rshTeRvkJARb13/CtYnb3hZIM+9g5F7o9:rsh5Sb9Ct8xZIMcg5F7o9
TLSH C784234DF82F28AD9BE3BCB707EC4B88412A28153F551716AD6F2A5A7CFA58361D1301
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.greatbritishprinters.co.uk
Sending IP: 213.171.199.91
From: Purchase Department <printers@greatbritishprinters.com>
Reply-To: elen455myo@gmail.com
Subject: New Order
Attachment: PO.zip (contains "PO.exe")

AgentTesla SMTP exfil server:
smtp.cosmocert.bg:587

AgentTesla SMTP exfil email address:
j.l0m@yandex.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.21241.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 14:34:52 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
29 of 48 (60.42%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 6a6108a492bf139da4a5767eec0e764135763a484f002c1cf21b21e7357cc963

(this sample)

AgentTesla

Executable exe e80c406305835d40bb49659f8c3f8ba919b7fb25bfd0f3e8dd9d3b75bbaacd97

  
Dropping
MD5 c56e984602575188db962718f0bbc70c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e80c406305835d40bb49659f8c3f8ba919b7fb25bfd0f3e8dd9d3b75bbaacd97

Comments