MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b6e364893e256f77caf6854f61259715d1095097decf28e3e73f54d7008e309. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6b6e364893e256f77caf6854f61259715d1095097decf28e3e73f54d7008e309
SHA3-384 hash: c4ac3116ecbf529def0e11f67f8ecd6ae918b040aeaaf35159a9b3655f2f6ea839414d37f4c1c557e15afc64bcaab613
SHA1 hash: a8c3bec8dcfcf80a0dd91d06119dafd69bf4578d
MD5 hash: 44f23964b6a374348a68ec0f664c4cab
humanhash: papa-cat-eighteen-island
File name:PAYRECEIPT.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:20'931 bytes
First seen:2021-02-22 23:05:48 UTC
Last seen:2021-02-26 05:16:36 UTC
File type: zip
MIME type:application/zip
ssdeep 384:CZFXovDoB9+3yAdDCohmO7fOC05rNqfiZ7Hww0CsDyYo27cy0:CZ9oDi9/ACoTG4fiZEUScH
TLSH DD92E1B5D4AD4870DC8AF506B051427B29106CD7DCA4E42963C0768AE7F2F7BEA2DC2C
Reporter GovCERT_CH
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
6
# of downloads :
115
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Porcupine.Malware.43883.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6b6e364893e256f77caf6854f61259715d1095097decf28e3e73f54d7008e309/
Threat name:
ByteCode-MSIL.Downloader.BaseLoader
Create hunting rule
Status:
Malicious
First seen:
2021-02-22 23:06:06 UTC
AV detection:
15 of 47 (31.91%)
Threat level:
  3/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nnxdmset4jlpo7fpnbkpmeszoforbfijpxwpfdr6op2u24ai4meq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/6b6e364893e256f77caf6854f61259715d1095097decf28e3e73f54d7008e309

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 6b6e364893e256f77caf6854f61259715d1095097decf28e3e73f54d7008e309

(this sample)

AgentTesla

Executable exe 586409e98ade6e754cfba0bd0aec2e8690a909c41cebac4085cad6f79d9676b4

  
Dropped by
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 586409e98ade6e754cfba0bd0aec2e8690a909c41cebac4085cad6f79d9676b4
  
Dropping
MD5 3dfd654e06b2e38ec01f88db27abc717

Comments