MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be69d394c441d6c909b853564e72a023c26a2f6f18d19cb2b4625a6c43b6badb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: be69d394c441d6c909b853564e72a023c26a2f6f18d19cb2b4625a6c43b6badb
SHA3-384 hash: a0861d04e9849201c70dc54ec232089d6f8d1213ebf25bc44e55105aa875d3c9b4afedc93bc3188715e7df63add29bfe
SHA1 hash: f6535802e879001de001b0f8cb2f27188ce4fec6
MD5 hash: 12a9d22fc3e85540a2230db04dd09fe9
humanhash: artist-asparagus-avocado-lactose
File name:signed sc.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:379'551 bytes
First seen:2020-06-15 11:17:11 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:OtEBZGFwdxmGxDxPgGXoWrZ5M+LH8qGu+c9wRc9IDLqEJ:OtqZGn+ZXzZ6+LcqGu+Sw+7i
TLSH 0C8423FE847E362D8BE7B87FB6509150E1A5FB9095685127570EBCC063AC709A0D306F
Reporter cocaman
Tags:AgentTesla gz


Avatar
cocaman
Malicious email
From: Chris Ngai <chris.ngai@mcphk.com>
Received: from mcphk.com (unknown [185.222.58.152])
Date: 15 Jun 2020 10:22:18 +0200
Subject: New order 1003414 for item# CPI64 x 1152sets & CPI68 x 864sets
Attachment: signed sc.gz

Intelligence

File Origin
# of uploads :
1
# of downloads :
55
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Casdet
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 11:19:04 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
17 of 31 (54.84%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xzu5hfgeihlmscnyknle44vaepbgul3pddizzmvumjngyq5wxlnq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz be69d394c441d6c909b853564e72a023c26a2f6f18d19cb2b4625a6c43b6badb

(this sample)

AgentTesla

Executable exe 8e5c41390f995c72ea749d6f141ec790ab5a61e843355592c2956ee01d8bb005

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8e5c41390f995c72ea749d6f141ec790ab5a61e843355592c2956ee01d8bb005
  
Dropping
AgentTesla

Comments