MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c41eced15789027c6adf79782febf552ee38890d5f09acbfcfe0b3df18d3013. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 6c41eced15789027c6adf79782febf552ee38890d5f09acbfcfe0b3df18d3013
SHA3-384 hash: c4ce5c9637e81c19da2251f1184331ff45a433615b268af8398eafa95f4c3cecbfa5989d0ef71e5483f3bcf1fec01f23
SHA1 hash: 4ab2fe1523b2696a0021e7fe92d4796482c86836
MD5 hash: 0ab7f5cfbb690ce2ea70ff4642d26778
humanhash: winner-nitrogen-october-johnny
File name: 05-19-2020 SWIFTCOPY.zip
Signature: AgentTesla
File size: 408'832 bytes
First seen: 2020-05-20 06:58:24 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:MccnKYJZPzEfeYdLTKDHTbiEko3nOoo/Yre0i/Thz:MNjJpQGoT2Tbko3Owurp
TLSH: D4942301496B357BB58BEABD11FFD61325792F04F895018E6B80B243ED2D3CABA43593
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: server.afghost.net
Sending IP: 98.142.96.66
From: papelaria@derlipapelaria.com.br
Reply-To: tphels@secretary.net
Subject: 05-19-2020 SWIFT COPY
Attachment: 05-19-2020 SWIFTCOPY.zip (contains "05-18-2020 ((GPI) S.A.R.L..exe")

AgentTesla SMTP exfil server:
vites@vitessesrl.ro:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-20 07:36:38 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 22 of 48 (45.83%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
  zip 6c41eced15789027c6adf79782febf552ee38890d5f09acbfcfe0b3df18d3013 (this sample)

Dropping
  AgentTesla

Delivery method
  Distributed via e-mail attachment

Comments