MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e7b91e70d3e23a5096de645f26ecb155e05b5e2d3ce94dc425c38758335f63c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7e7b91e70d3e23a5096de645f26ecb155e05b5e2d3ce94dc425c38758335f63c
SHA3-384 hash: c8accca0eb0d851d6d27444de8d65e14127aacf5f0ad56060528db05ca5a2641e428914ccdd89a066c4c73b1f1222a3b
SHA1 hash: 3495894a4553797af56fb11d03390613f66bf037
MD5 hash: 8be81ac75b15a3abecb1c5a11f89eac9
humanhash: single-maryland-happy-dakota
File name:Rebounced Message Body.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-06-04 06:33:18 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:qUWSfsdZHN9PsE2KYnNUonAo1ta474iCayaurz8d10A8I:xfmZHnP6KYNAo1ta47Ka1uY7
TLSH 2445D0D2722A58A7C53915F10845990023F4D81D79A6E2DDFCEAB7DE05F378206B2F8B
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 162-144-100-85.unifiedlayer.com
Sending IP: 162.144.38.36
From: Cheil INC <enquiry@oxy99.in>
Reply-To: Cheil INC <enquiry@oxy99.in>
Subject: Enquiry
Attachment: Rebounced Message Body.img (contains "Rebounced Message Body.scr")

AgentTesla SMTP exfil server:
mail.northwestpowdercoating.co.uk:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 05:43:25 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pz5zdzynhyr2kcln4zc7e3wlcvpalnpc2phjjxcclq4hlazv6y6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 7e7b91e70d3e23a5096de645f26ecb155e05b5e2d3ce94dc425c38758335f63c

(this sample)

AgentTesla

Executable exe 764faf8d3be8afed56e8c6f98c43de9404f5f835df197dc295d30b134565f82e

  
Dropping
MD5 b60a45eb5a4acfd8fb4a48571c328883
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 764faf8d3be8afed56e8c6f98c43de9404f5f835df197dc295d30b134565f82e

Comments