MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b6491fd0a73271874b96d1ff53a1bb5090e884b6f47dc655220984fe9d4ff012. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b6491fd0a73271874b96d1ff53a1bb5090e884b6f47dc655220984fe9d4ff012
SHA3-384 hash: 923b1c5b35586b3322ffd8219c5010b976b664a2b789bb0dd3cc999165d677d27049d0f446fdb96b37f8f3f4873374ef
SHA1 hash: 8a9b5fecdb1f88415094964402d9121446aeba89
MD5 hash: 39ce6d08ef11165118c1118507412e90
humanhash: georgia-vegan-friend-idaho
File name:TT SWIFT _679388 190617_2019-NLCIV000003576_ES146009_30309679.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:414'857 bytes
First seen:2020-07-10 10:20:42 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 6144:huu+jh7qN1zY3IeuNdN5rmkX2OajEXjW6f9ze7MrcgMEXVcqZbH8YZmxawdA+:hux9c1zGuNdvCk/WOPrNSqJHpmHx
TLSH 6E9423B75DFAC7221781B999FEC287CB46305CC833EE19DA5E2760D3C272A1D854262D
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: lasfragancias.com
Sending IP: 200.110.77.218
From: R2_SSC Russian <rarias@lasfragancias.com>
Subject: AW: Swift
Attachment: TT SWIFT _679388 190617_2019-NLCIV000003576_ES146009_30309679.z (contains "TT SWIFT _679388 190617_2019-NLCIV000003576_ES146009_30309679.exe")

AgentTesla FTP exfil server:
ftp.rebu.co.rw:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b6491fd0a73271874b96d1ff53a1bb5090e884b6f47dc655220984fe9d4ff012/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-10 10:22:08 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wzer7ufhgjyyos4w2h7vhin3kciorbfw6r64mvjcbgcp5hkp6aja._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z b6491fd0a73271874b96d1ff53a1bb5090e884b6f47dc655220984fe9d4ff012

(this sample)

AgentTesla

Executable exe a456844d3fc1c6c2d4afcec0a4bb8aaf2c50efec893379e869cee9d11146dc33

  
Dropping
MD5 9fbe355f3b64519f72a85dcbeebefa87
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a456844d3fc1c6c2d4afcec0a4bb8aaf2c50efec893379e869cee9d11146dc33

Comments