MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6eb05e0cc96293e98a1f69c7512ce72b1e6da21ade520415a5ddcfdce0f24fbe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 8

Intelligence 8 IOCs YARA 4 File information Comments

SHA256 hash:	6eb05e0cc96293e98a1f69c7512ce72b1e6da21ade520415a5ddcfdce0f24fbe
SHA3-384 hash:	bb5d4ef6d5e6d858fd80a9d96ea3f5e47f44714c546bbe1cb4f9a0781ac613cb3d25106f083982d46374a8e8c4e1f0ad
SHA1 hash:	f10425d81ea99fc1cd76c9fd3fbab2143d790ffd
MD5 hash:	e2435c7e71c3edfb0fa9eb32fa9311b6
humanhash:	high-mike-green-mexico
File name:	Shipment-2023090506.tar.001
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	831'488 bytes
First seen:	2023-11-13 15:30:21 UTC
Last seen:	Never
File type:	tar
MIME type:	application/x-tar
ssdeep	12288:tcIog4ZebuRP5R14HdFLdoLJO/SKIPTWs3ogZShTF5ElFmFCjP7r9r/+pppppppn:Y5J149FLdoF+Srys3nZQTF5E7mg1q
TLSH	T10F05CE81EA8596A0DC59AB706A36CD3057337EBDA834D11C28DE3DAB3BFB3935025453
TrID	62.9% (.TAR/GTAR) TAR - Tape ARchive (GNU) (17/3) 37.0% (.TAR) TAR - Tape ARchive (file) (10/3)
Reporter	cocaman
Tags:	001 tar

cocaman

Malicious email (T1566.001)
From: "=?UTF-8?B?IlpvZXkg546L6ZuF5p2wIg==?= <service@china-deem.com>" (likely spoofed)
Received: "from china-deem.com (unknown [91.92.241.3]) "
Date: "13 Nov 2023 07:06:11 -0800"
Subject: "Re: RE: [URGENT!]: Freewon Next Shipment 55019318A"
Attachment: "Shipment-2023090506.tar.001"

Intelligence

File Origin

# of uploads :

# of downloads :

119

Origin country :

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:	Shipment-2023090506.exe
File size:	829'952 bytes
SHA256 hash:	7f022555ff4dae07b22d6673cf3483a4d6c835099e69ce924a7ab161135a468c
MD5 hash:	bee48666bc76a1c3e19c1cea9a0521d7
MIME type:	application/x-dosexec
Signature	AgentTesla

Vendor Threat Intelligence

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

masquerade packed

Link:

https://www.filescan.io/uploads/65524138946b6ab224610c69/reports/e170a94a-f215-454e-a346-05a30238c291/overview

Verdict:

Malicious

Labled as:

Mal/DrodTar

Link:

https://www.hybrid-analysis.com/sample/6eb05e0cc96293e98a1f69c7512ce72b1e6da21ade520415a5ddcfdce0f24fbe

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Score:

100%

Verdict:

Malware

File Type:

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

tar 6eb05e0cc96293e98a1f69c7512ce72b1e6da21ade520415a5ddcfdce0f24fbe

(this sample)

AgentTesla

exe 7f022555ff4dae07b22d6673cf3483a4d6c835099e69ce924a7ab161135a468c

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 7f022555ff4dae07b22d6673cf3483a4d6c835099e69ce924a7ab161135a468c

Dropping

MD5 bee48666bc76a1c3e19c1cea9a0521d7

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample