MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b179494cbe6e0b93f07ebb81c714f888fff69d718fa78286c9e1a046a96081b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: b179494cbe6e0b93f07ebb81c714f888fff69d718fa78286c9e1a046a96081b4
SHA3-384 hash: 6a01d043099c980c45730e13001d736eaa43901c05e2e1c18e18fb21e2c2a159668fde475fb26c1ed6aa1680d0fcf371
SHA1 hash: 084413bf378fb25d5b46e1296e4e12be63217810
MD5 hash: 0a48cbe082f3413e327289fb9c42ad5b
humanhash: maryland-blossom-sixteen-delta
File name: Encomenda a Fornecedor nº 2177.img
Signature: AgentTesla
File size: 714'752 bytes
First seen: 2020-07-31 16:08:54 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:LHAgbCa8sGQTr79qgELUsijKfSnU7uX0/+hnDYEvlOQ3XdQkOAr/h:LHX8kT9YTUpnU6K+hD9lOQ3Xp
TLSH: 14E42A393AC3A414D53E1A7188B469D167B1B28B2F11CF1F39CA1B9C5F036CB7B4625A
Reporter: @abuse_ch
Tags: AgentTesla, img


Twitter
@abuse_ch
Malspam distributing AgentTesla:

From: Rieche GmbH & Co.KG <laclavelina@laclavelina.com>
Subject: Inquiry : IP200299 / AF2004063
Attachment: Encomenda a Fornecedor nº 2177.img (contains "Encomenda a Fornecedor nº 2177.exe")

AgentTesla SMTP exfil server:
mail.gruppoei.tk:587

AgentTesla SMTP exfil email address:
gaddafi@gruppoei.tk
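
The attachment above is an ISO 9660 disk image (MIME type application/x-iso9660-image) that carries the AgentTesla executable inside it. The following is an added example, not part of the MalwareBazaar entry or of abuse.ch tooling: it reads the Primary Volume Descriptor at sector 16, follows the root directory record and enumerates the files in the image without mounting it, then flags executable payloads. build_sample_iso() constructs a small image in memory with made-up file names so that the check runs offline; a real attachment would be passed in as raw bytes instead.

```python
"""Walk an ISO 9660 (.img/.iso) attachment and flag executable payloads.

Added example, not part of the MalwareBazaar entry or of abuse.ch tooling. The
sample above is an ISO 9660 image wrapping an .exe, so a gateway or triage check
can read the Primary Volume Descriptor at sector 16, follow the root directory
record and list every file without mounting anything. build_sample_iso() is a
constructed in-memory image with made-up names so the check runs offline.
"""
import struct

SECTOR = 2048
EXEC_EXTS = {"EXE", "SCR", "DLL", "COM", "PIF", "BAT", "CMD", "JS", "VBS", "HTA", "LNK"}


def _dir_records(data, lba, length):
    """Yield (name, flags, extent_lba, size) for each record in one directory extent."""
    pos, end = lba * SECTOR, lba * SECTOR + length
    while pos < end:
        rec_len = data[pos]
        if rec_len == 0:
            # Records never straddle a sector; a zero length means padding up to the next one.
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        extent = struct.unpack_from("<I", data, pos + 2)[0]   # little-endian half of the both-endian field
        size = struct.unpack_from("<I", data, pos + 10)[0]
        flags = data[pos + 25]
        name_len = data[pos + 32]
        name = data[pos + 33:pos + 33 + name_len].decode("ascii", "replace")
        yield name, flags, extent, size
        pos += rec_len


def list_iso_files(data):
    """Return [(path, size)] for every regular file reachable from the root directory."""
    pvd = 16 * SECTOR
    if data[pvd] != 1 or data[pvd + 1:pvd + 6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    root = data[pvd + 156:pvd + 190]                       # 34-byte root directory record
    stack = [("", struct.unpack_from("<I", root, 2)[0], struct.unpack_from("<I", root, 10)[0])]
    seen, files = set(), []
    while stack:
        prefix, lba, length = stack.pop()
        if lba in seen:          # a crafted image can point a subdirectory back at its parent
            continue
        seen.add(lba)
        for name, flags, extent, size in _dir_records(data, lba, length):
            if name in ("\x00", "\x01"):                   # the "." and ".." entries
                continue
            if flags & 0x02:                               # directory flag
                stack.append((prefix + name + "/", extent, size))
            else:
                files.append((prefix + name, size))
    return files


def suspicious_payloads(data):
    """Paths whose extension (ignoring the ';1' version suffix) is a Windows executable type."""
    hits = []
    for path, _ in list_iso_files(data):
        base = path.rsplit("/", 1)[-1].split(";")[0]
        ext = base.rsplit(".", 1)[-1].upper() if "." in base else ""
        if ext in EXEC_EXTS:
            hits.append(path)
    return hits


def _record(name, lba, size, flags):
    """Build one ECMA-119 directory record (both-endian fields, padded to even length)."""
    rec = bytearray(33 + len(name) + (0 if len(name) % 2 else 1))
    rec[0] = len(rec)
    struct.pack_into("<I", rec, 2, lba)
    struct.pack_into(">I", rec, 6, lba)
    struct.pack_into("<I", rec, 10, size)
    struct.pack_into(">I", rec, 14, size)
    rec[25] = flags
    struct.pack_into("<H", rec, 28, 1)                     # volume sequence number
    struct.pack_into(">H", rec, 30, 1)
    rec[32] = len(name)
    rec[33:33 + len(name)] = name
    return bytes(rec)


def build_sample_iso():
    """Constructed image: PVD at sector 16, terminator at 17, root dir at 18, payload at 19."""
    payload = b"MZ" + b"\x00" * 62                        # stand-in bytes, not a real PE
    root_lba, file_lba = 18, 19
    root_dir = (_record(b"\x00", root_lba, SECTOR, 0x02) + _record(b"\x01", root_lba, SECTOR, 0x02)
                + _record(b"ENCOMENDA.EXE;1", file_lba, len(payload), 0x00)
                + _record(b"README.TXT;1", file_lba, 0, 0x00)).ljust(SECTOR, b"\x00")
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1
    pvd[156:190] = _record(b"\x00", root_lba, SECTOR, 0x02)
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1
    return b"\x00" * (16 * SECTOR) + bytes(pvd) + bytes(term) + root_dir + payload.ljust(SECTOR, b"\x00")
```

To triage a real attachment, read it with open(path, "rb").read() and pass the bytes to suspicious_payloads(); on the constructed image it returns ["ENCOMENDA.EXE;1"] and leaves README.TXT;1 alone. Only the little-endian half of each both-endian field is used, and Joliet or Rock Ridge extensions are ignored, which is enough for the plain ISO 9660 images that malspam campaigns typically ship.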

Intelligence


File Origin
# of uploads: 1
# of downloads: 49
Origin country: FR

Mail intelligence
Geo location: IT Italy, Volume: Low
Geo location: Global, Volume: Low

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-31 16:10:08 UTC
AV detection: 12 of 48 (25.00%)

Threat level: 5/5

Threat name: Legit
Score: 0.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
    img b179494cbe6e0b93f07ebb81c714f888fff69d718fa78286c9e1a046a96081b4 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
