MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d4dd83a286e0859f53748279ae2ddce4c7c6b599f51f95e8c59d46013dff470. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6d4dd83a286e0859f53748279ae2ddce4c7c6b599f51f95e8c59d46013dff470
SHA3-384 hash: d4781cec3e1f75bf049b7598e73b873eb183cd528d80a6f05b8df75d214d094ee3c767e3842e99bd3c329563b9e1572a
SHA1 hash: 245c19a6201c8efcc2a70bb5f2d650d628c6cccf
MD5 hash: 7a028d84b5e0f1c5e7fd7792c5abf9a2
humanhash: stream-single-johnny-cold
File name:FINANCIAL YEAR CLOSURE MEMO.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:410'700 bytes
First seen:2020-06-18 12:52:20 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 6144:dUxafmUhQzR9aVnqPU9T0wtwBMJ3N9ArcvsKr4Jsega/apA7Wq7L1hJ5oA:OImUhQbaT0wiV1syipuW2L1KA
TLSH C494232F2BD0EFE981CF3D06A9842488953060B7C7E1A571F1EBADC6D41BD35A057E58
Reporter abuse_ch
Tags:AgentTesla r00


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: no-reply.com
Sending IP: 95.211.208.50
From: Finance Manager <finanace@no-reply.com>
Subject: FINANCIAL YEAR CLOSURE MEMO
Attachment: FINANCIAL YEAR CLOSURE MEMO.r00 (contains "FINANCIAL YEAR CLOSURE MEMO.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-18 13:36:25 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nvg5qorinyeft5jxjatzvyw5zzghy22zt5i7sxumlhkgae676rya._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 6d4dd83a286e0859f53748279ae2ddce4c7c6b599f51f95e8c59d46013dff470

(this sample)

AgentTesla

Executable exe a27f85891571821ba5973efd1b4c65da9d1ab31e913978475406eb258dfac5f1

  
Dropping
MD5 bcce9dc22a472e15d1838250a0075014
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a27f85891571821ba5973efd1b4c65da9d1ab31e913978475406eb258dfac5f1

Comments