MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b6db6965d24d8f319c66e9e91db0b66e3ac3167bd0a7ae4dbd3c7996137fdaba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: b6db6965d24d8f319c66e9e91db0b66e3ac3167bd0a7ae4dbd3c7996137fdaba
SHA3-384 hash: a4ad9d0d4c066a96adb8c9e781b7f5c31b30440a1df567b1a0756588568890165f3e7a06f76e08fa5b320e2a2aec6992
SHA1 hash: aae7b790766f0b1a22789f7f60a842e006b0905a
MD5 hash: 23095fe5af0c5719f58ad0f6d19751c3
humanhash: equal-mobile-ack-illinois
File name: DETALLES DE SEGUIMIENTO DE FedEx-pdf.7z
Signature: AgentTesla
File size: 1'001'879 bytes
First seen: 2020-06-18 06:09:47 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:y9TnoZOKe1zSJ+5di5fAlceeSzfN2T52vd8zwvkxPJUKQgPsafNOUJJs8xCbb:y9LokhSkvimGeejT5CFWho+NNPJJsACP
TLSH: 382523725EB1033CC841A5FB961A0F0469839A734C0BF96C66AFDD8C43ABBE538159D7
Reporter: @abuse_ch
Tags: 7z AgentTesla DHL ESP geo


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: linux727.grserver.gr
Sending IP: 185.4.133.226
From: Kimberley Lin <kimberley.lin@fedex.com>
Reply-To: Kimberley Lin <dustiutd12@hotmail.com>
Subject: NOTIFICACIÓN DE ENTREGA FedEx
Attachment: DETALLES DE SEGUIMIENTO DE FedEx-pdf.7z (contains "DETALLES DE SEGUIMIENTO DE FedEx-pdf.exe")

AgentTesla FTP exfil server:
ftp.kassohome.com.tr:21

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 44
Origin country: FR

Mail intelligence
Geo location: Global
Volume: High
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-18 06:11:07 UTC
AV detection: 25 of 48 (52.08%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla

zip b6db6965d24d8f319c66e9e91db0b66e3ac3167bd0a7ae4dbd3c7996137fdaba (this sample), dropping AgentTesla

Delivery method: Distributed via e-mail attachment

Comments