MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6bc9999e84e7a09a5bf93530de3ab79aad83cbadfae5bc4538c5306a8cc93275. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6bc9999e84e7a09a5bf93530de3ab79aad83cbadfae5bc4538c5306a8cc93275
SHA3-384 hash: 75083e9067934eeb49e61eb6329940bc767338e986c2bd3d53a0540e1eaa4d1ddf7929bc2bbc0a72f1a07e04a37108c7
SHA1 hash: 0e20ee3d0df5a9c433fcacd3b4f876238405421f
MD5 hash: 942bbbb71824fa5a72651b18f8b929d3
humanhash: yankee-jupiter-pennsylvania-orange
File name:PO.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-07-13 07:04:07 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:k6ICInWw0HC+c2+rIbJascJCLcCPl2bJP3VL9tt2fPYBbns:zTIN0HC+QrIDcYLcCPCF9tt+PP
TLSH 4345D000A2A8A6E1DEFD0FF5D38180110F7098795A4BD28D3DBDF2FE2AB774451169A7
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: us2-ob2-7.mailhostbox.com
Sending IP: 208.91.199.208
From: Frank Smit <fs@air-traaxx.com>
Subject: Re: Order
Attachment: PO.IMG (contains "PO.exe")

AgentTesla SMTP exfil server:
mail.ndfpune.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6bc9999e84e7a09a5bf93530de3ab79aad83cbadfae5bc4538c5306a8cc93275/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 07:06:07 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=npezthue46qjuw7zguyn4ovxtkwyhs5n7ls3yrjyyuygvdgjgj2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 6bc9999e84e7a09a5bf93530de3ab79aad83cbadfae5bc4538c5306a8cc93275

(this sample)

AgentTesla

Executable exe 3c66f6c923c31e14a95ce0888a3ddbe65035b52f8f0477a9097df9c5ff8de1c8

  
Dropping
MD5 070a4973da16d32e155e1040824437cd
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3c66f6c923c31e14a95ce0888a3ddbe65035b52f8f0477a9097df9c5ff8de1c8

Comments