MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b78665b3853f610286beb2c8421f7dfa2c7ec9c6776174e3302ca45ea38fcbd9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b78665b3853f610286beb2c8421f7dfa2c7ec9c6776174e3302ca45ea38fcbd9
SHA3-384 hash: 64e926996d91555c0087e95dd607f90eb504f2cbf4a00ec8bc4ae596106464b0ebfe1b0e976045aa9d4853d144d99c5b
SHA1 hash: a1cc5fb40a385f9017b1198b17f56bc6786acbc6
MD5 hash: 1f32cc09ca09a2f366865a06a82c4b24
humanhash: emma-neptune-tennis-table
File name:FACTURA DE ABRIL.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:369'995 bytes
First seen:2020-05-19 14:23:15 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:u3y5YLSLRm6UtqY59bRUGgN25vTfib5AoAPedUVhqZMRQMcmGaZk5ed0wn:uRLDfUY3nzEhAPedUCWRQMcmGwFn
TLSH 2F7423F666ECEB8A95BCD6519C828C5704D0636CCB764E24D52BD2B7F0288FD0399724
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: srvweb01.prognatus.pt
Sending IP: 151.236.32.243
From: Enric Mata <e.matta@eternitytechnologies.es>
Subject: Factura de abril
Attachment: FACTURA DE ABRIL.rar (contains "FACTURA DE ABRIL.exe")

AgentTesla SMTP exfil server:
mail.segimar.es:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.47202.16007.12337.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 12:12:59 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
7 of 47 (14.89%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=w6dglm4fh5qqfbv6wleeeh357iwh5sogo5qxjyzqfssf5i4pzpmq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip b78665b3853f610286beb2c8421f7dfa2c7ec9c6776174e3302ca45ea38fcbd9

(this sample)

AgentTesla

Executable exe 6d12b7ab3f0322eb4a6d8d74a7749c2c10a09009119fa5767cf364bb93a5b6d5

  
Dropping
MD5 2ee6cd62060577ea015c83cff760c99d
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6d12b7ab3f0322eb4a6d8d74a7749c2c10a09009119fa5767cf364bb93a5b6d5

Comments