MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d8990708f01d6833193aed26dc1084e6a1117faf216048abbce6f2a23b63c5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6d8990708f01d6833193aed26dc1084e6a1117faf216048abbce6f2a23b63c5a
SHA3-384 hash: a68606b05f39ab3757be2f2970779d30d9470a32a98027881d47c199b38cb430757c3a0512a41094537523bf28af3684
SHA1 hash: 4c4caa50001230646db1e513d8449dd062d44266
MD5 hash: c9d29e53a3d30926913b05cc4863447d
humanhash: three-don-yankee-seventeen
File name:New Order.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:366'311 bytes
First seen:2020-05-27 18:06:09 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:XxwzfOdDSozZ1wPF2mYB4dDQLddOIhDnia1/IqvkyU8mq4NpdQhBYXPTXg1CnNDW:Bw7OdDdv71LT1DniZIxUjYhBSw4NDgwW
TLSH AC7423F778F89C816C16B78195414A51C70190F6DBFA95072DEA3CA870A813EBC63B7E
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: cmkl.co.in
Sending IP: 192.119.106.147
From: Mitch Nelson-Kleinschmidt <enquiry@cmkl.co.in>
Subject: Urgent New Order
Attachment: New Order.zip (contains "New Order.exe")

AgentTesla SMTP exfil server:
mail.adithyaeng.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.20634.ZipHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.22623.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Mbt
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 01:15:48 UTC
AV detection:
32 of 48 (66.67%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 6d8990708f01d6833193aed26dc1084e6a1117faf216048abbce6f2a23b63c5a

(this sample)

AgentTesla

Executable exe d3a6ec1b4593a2a1deac860673e88e87c29577fa412472c7b8132dd775dbb6ba

  
Dropping
MD5 8c37d525c748cc04723fc271c606d916
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d3a6ec1b4593a2a1deac860673e88e87c29577fa412472c7b8132dd775dbb6ba

Comments