MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b179494cbe6e0b93f07ebb81c714f888fff69d718fa78286c9e1a046a96081b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b179494cbe6e0b93f07ebb81c714f888fff69d718fa78286c9e1a046a96081b4
SHA3-384 hash: 6a01d043099c980c45730e13001d736eaa43901c05e2e1c18e18fb21e2c2a159668fde475fb26c1ed6aa1680d0fcf371
SHA1 hash: 084413bf378fb25d5b46e1296e4e12be63217810
MD5 hash: 0a48cbe082f3413e327289fb9c42ad5b
humanhash: maryland-blossom-sixteen-delta
File name:Encomenda a Fornecedor nº 2177.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:714'752 bytes
First seen:2020-07-31 16:08:54 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:LHAgbCa8sGQTr79qgELUsijKfSnU7uX0/+hnDYEvlOQ3XdQkOAr/h:LHX8kT9YTUpnU6K+hD9lOQ3Xp
TLSH 14E42A393AC3A414D53E1A7188B469D167B1B28B2F11CF1F39CA1B9C5F036CB7B4625A
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

From: Rieche GmbH & Co.KG <laclavelina@laclavelina.com>
Subject: Inquiry : IP200299 / AF2004063
Attachment: Encomenda a Fornecedor nº 2177.img (contains "Encomenda a Fornecedor nº 2177.exe")

AgentTesla SMTP exfil server:
mail.gruppoei.tk:587

AgentTesla SMTP exfil email address:
gaddafi@gruppoei.tk

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CAP_HookExKeylogger.15535.11640.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b179494cbe6e0b93f07ebb81c714f888fff69d718fa78286c9e1a046a96081b4/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-31 16:10:08 UTC
AV detection:
12 of 48 (25.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wf4ustf6nyfzh4d6xoa4ofhyrd77nhlrr6tyfbwj4gqenklaqg2a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/b179494cbe6e0b93f07ebb81c714f888fff69d718fa78286c9e1a046a96081b4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img b179494cbe6e0b93f07ebb81c714f888fff69d718fa78286c9e1a046a96081b4

(this sample)

AgentTesla

Executable exe f67337d939b7a8d33762e080856099d05b5ff3404bc285f4dd249281289f57c8

  
Dropping
MD5 05fbb43cc400bde8bbe2906e2d80d3a1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f67337d939b7a8d33762e080856099d05b5ff3404bc285f4dd249281289f57c8

Comments