MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6cefe42ff847620d1611ff716fd3f3bd65efadc5217d25c3302d929a19691a65. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6cefe42ff847620d1611ff716fd3f3bd65efadc5217d25c3302d929a19691a65
SHA3-384 hash: 42fed6e4088dfa7dfe062165511e942257bb783844be41e963c85d97df1b3bee8c6e6b619503f427747a57b7688d5212
SHA1 hash: 38fbe9eacbc8e3cf7dae9e0c4b76e34d239190b3
MD5 hash: 75b11d0f75bd4cc4765126130601830e
humanhash: neptune-lithium-hamper-bravo
File name:payment-swift0045.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'023'218 bytes
First seen:2020-10-26 12:55:08 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:9J648Jds0E8fJd7Cp2amm0rH87GDJtNShgQ:9JiJdxvJ8p2auL1tohgQ
TLSH 0F25331063B730A1E6307EAA5A6E0BFA4F74CD839782C75015612D73B6AB3543B8F1D2
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: tonyhai
Sending IP: 103.225.25.6
From: Finance Team <krajcik@materian.ml>
Subject: RE: HCCI OUTSTANDING PAYMENT $59,459 USD
Attachment: payment-swift0045.zip (contains "payment-swift0847_PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.34931936.6519.27969.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6cefe42ff847620d1611ff716fd3f3bd65efadc5217d25c3302d929a19691a65/
Threat name:
ByteCode-MSIL.Ransomware.WannaCry
Create hunting rule
Status:
Malicious
First seen:
2020-10-26 01:40:24 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ntx6il7yi5ra2fqr75yw7u7txvs67lofef6slqzqfwjjugljdjsq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 6cefe42ff847620d1611ff716fd3f3bd65efadc5217d25c3302d929a19691a65

(this sample)

AgentTesla

Executable exe 774fa620be98d94c8530d9c5e50e48c7595271fb911753b1c16d33dad1bc141d

  
Dropping
MD5 52b7c33a0984f30d676c07c293019547
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 774fa620be98d94c8530d9c5e50e48c7595271fb911753b1c16d33dad1bc141d

Comments