MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6be641f4a218bd474d900798ab72690439a7a8b03a07ed6d5cef1368f272f4cc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6be641f4a218bd474d900798ab72690439a7a8b03a07ed6d5cef1368f272f4cc
SHA3-384 hash: dd3deee04b56227a92f5b8e1616f787ac3bad9778ce6c19c4f6897503db7161ea4fc87ff6128075a4a922cc4b94e12e5
SHA1 hash: 9d39ea16406d8cc325ae0340b42fe6193c1bec40
MD5 hash: b011c991043b508ad0dbe7a99055f6ab
humanhash: leopard-winner-eight-kentucky
File name:997108031350605 tt copy.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:498'363 bytes
First seen:2020-06-02 11:43:05 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:Iy0K3ynnzyXZHcu/bAu57LDI2DQ2dT6muro2srxxfFFNt:wK3KkZ8uZk4TkbWxfXL
TLSH 7CB4234B0A42374B2D60821B27E75F0B5F9BD874B50E7C797BB85090C1FA27E42A36D6
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mstdlrgw.mst-dealer.com
Sending IP: 203.146.21.245
From: Sonia Z Y Lahleh <dlr-a347@mst-dealer.com>
Subject: RE: swift copy
Attachment: 997108031350605 tt copy.gz (contains "997108031350605 tt copy.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 12:37:15 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=npted5fcdc6uotmqa6mkw4tjaq42pkfqhid623k454jwr4ts6tga._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 6be641f4a218bd474d900798ab72690439a7a8b03a07ed6d5cef1368f272f4cc

(this sample)

AgentTesla

Executable exe d1af0c54eca027eb8089a7a721c88de4cd6e522c5cf3f38919249d2513174d1b

  
Dropping
MD5 09814305d59892645caccd71693b2933
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d1af0c54eca027eb8089a7a721c88de4cd6e522c5cf3f38919249d2513174d1b

Comments