MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b7c8d418b3cd4874e12d8f2f45f4c621c01530b75f5c75b290148376398ed90. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 7



SHA256 hash: 6b7c8d418b3cd4874e12d8f2f45f4c621c01530b75f5c75b290148376398ed90
SHA3-384 hash: a4edba2ede4227373f4609efb1e3ba271be21b89c6648d936e060ab2e61407bb7324e0763424368b8123d45ccf593288
SHA1 hash: 12943f18b382f9c0c1be0bb9147630298493c6b7
MD5 hash: 767f89a1610a7c19ff2ea1a3b4188e81
humanhash: enemy-whiskey-happy-speaker
File name: ID-Statement of Account_s-XXXXX6290-081220232003311731.zip
Signature: AgentTesla
File size: 720'635 bytes
First seen: 2023-12-19 18:32:18 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:fHtXh0NZRn/aG+8Jjt5wqj8x07axT/tGO3rpHUUoZnUIE3LIrYq+LgTGvfEDtGuN:1REZ9aG+8Brjk07aXnNRahE3a+kTGvfW
TLSH: T11CE4338EEC5B3532CD93B311904EF4CB74F1FE6D452947F9346823664F2AA482D7AA50
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1); 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: cocaman
Tags: AgentTesla zip


Comment by cocaman:
Malicious email (T1566.001)
From: ""FedEx Express - Do Not Reply" <RO-NOREPLY@fedex.com" (likely spoofed)
Received: "from hosted-by.rootlayer.net (unknown [45.137.22.165]) "
Date: "19 Dec 2023 19:30:24 +0100"
Subject: "None"
Attachment: "ID-Statement of Account_s-XXXXX6290-081220232003311731.zip"

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 219
Origin country: CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: ID-Statement of Account_s-XXXXX6290-081220232003311731.exe
File size: 948'224 bytes
SHA256 hash: 0ca7d41fee3a2830bf3c46fad06e838fa2f3a362a3f62f58f1b3f0176146ddc3
MD5 hash: 5ffe3572f2313169024f1eb5547ad331
MIME type: application/x-dosexec
Signature: AgentTesla
Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: masquerade packed

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2023-12-19 18:32:22 UTC
File Type: Binary (Archive)
Extracted files: 13
AV detection: 12 of 23 (52.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
zip 6b7c8d418b3cd4874e12d8f2f45f4c621c01530b75f5c75b290148376398ed90 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla

Comments