MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d6917435b59d53f76558df4c6a6a69120537bc2a9e15e1898e8fd2f26535e2bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: d6917435b59d53f76558df4c6a6a69120537bc2a9e15e1898e8fd2f26535e2bc
SHA3-384 hash: 26da7920e33999d22bfed8870f073424c427e57d761feec8e344ba8c386bbdd6b9d6262289dfc39c4b85fe0936cd2b86
SHA1 hash: 391a9b2d762444fd08ae8428577ea91b5cd30167
MD5 hash: 366be58ec3628d2b13909008239cb3ad
humanhash: mike-stream-five-dakota
File name: CUSTOMERS_FORM.IMG
Signature: AgentTesla
File size: 1'572'864 bytes
First seen: 2020-06-16 11:19:06 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:z9QjS7ev6VEt6vwN+2Ey7UdpLexpk9AJGMhU4H444l:RuCg6Nvty7UdIW9AJGMhU4H444l
TLSH: F575B4242F816431E53DBD360795ABB1D2B3AD823901DF0F7D85375A6AB32CA7B07258
Reporter: abuse_ch
Tags: AgentTesla DHL img


abuse_ch
Malspam distributing AgentTesla:

HELO: ej-email.beyaz.net
Sending IP: 207.154.196.223
From: DHL Express <ihsan.gokcek@12m.com.tr>
Reply-To: customerservice@dhl.com
Subject: DHL Delivery e-Notification for Incorrect Address
Attachment: CUSTOMERS_FORM.IMG (contains "CUSTOMERS_FORM.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Agensla
Status: Malicious
First seen: 2020-06-16 11:21:03 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
Sample: img d6917435b59d53f76558df4c6a6a69120537bc2a9e15e1898e8fd2f26535e2bc (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments