MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 75c0601db308796a7e8b5f045f908dd910a4a869cc53d544ed28726ad0eb0537. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 75c0601db308796a7e8b5f045f908dd910a4a869cc53d544ed28726ad0eb0537
SHA3-384 hash: e429459e54c506b4763639e7b7e6f11125537e36dcaf1c68e1e1b1eb0d9f8e7deea285e746fb955f4feaba74ef828f60
SHA1 hash: 7795bbdef40832cee08256ebe1cca0c6df8bc740
MD5 hash: 7d7c9f126169d3ad991f2b511b466e47
humanhash: hydrogen-double-lithium-steak
File name: 11203780.msi
Signature: AgentTesla
File size: 454'656 bytes
First seen: 2020-06-30 12:08:34 UTC
Last seen: Never
File type: Microsoft Software Installer (MSI) msi
MIME type: application/x-msi
ssdeep: 12288:qEoQu4d53qOj2bbdaGJSLuz+M//IbVbP8n:qEocdFqOy3daqS6aM//aVbPY
TLSH: 9FA4F118325CA833CEBC41F68492A12007B59CB53582F7DA9DCD71E819F7BDD4712AA7
Reporter: @abuse_ch
Tags: AgentTesla msi


Twitter (@abuse_ch):
Malspam distributing AgentTesla:

HELO: sonic315-15.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.134.125
From: ALOROBA.Cont.Co. L.L.C <d_rojas.borgatta@yahoo.com>
Reply-To: ALOROBA.Cont.Co. L.L.C <hunt-greg@hotmail.com>
Subject: INV&SWIFT E20/001828 GWENT
Attachment: 11203780.xls

AgentTesla payload URL:

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


Mail intelligence: No data
# of uploads: 1
# of downloads: 28
Origin country: CH
CAPE Sandbox Detection: n/a
Link: https://www.capesandbox.com/analysis/17106/
ClamAV: SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
CERT.PL MWDB Detection: agenttesla
Link: https://mwdb.cert.pl/sample/75c0601db308796a7e8b5f045f908dd910a4a869cc53d544ed28726ad0eb0537/
ReversingLabs Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Kryptik
First seen: 2020-06-30 12:10:06 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 2/5
Hatching Triage Score: 10/10
Malware Family: agenttesla
Link: https://tria.ge/reports/200630-3wddv8b2r6/
Tags: spyware keylogger trojan stealer family:agenttesla persistence discovery
VirusTotal: 16.13%

Yara Signatures


Rule name: SharedStrings
Author: Katie Kleemola
Description: Internal names found in LURK0/CCTV0 samples

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam
Signature: AgentTesla
File type: Microsoft Software Installer (MSI) msi
SHA256: 75c0601db308796a7e8b5f045f908dd910a4a869cc53d544ed28726ad0eb0537 (this sample)

Comments